
Bug#1112070: bookworm-pu: package gst-plugins-good1.0/1.22.0-5+deb12u3



Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: gst-plugins-good1.0@packages.debian.org
Control: affects -1 + src:gst-plugins-good1.0
User: release.debian.org@packages.debian.org
Usertags: pu

Fixes a low-impact security issue. Tests with various test files
were fine and autopkgtests via debusine also look good. debdiff
below.

Cheers,
        Moritz

diff -Nru gst-plugins-good1.0-1.22.0/debian/changelog gst-plugins-good1.0-1.22.0/debian/changelog
--- gst-plugins-good1.0-1.22.0/debian/changelog	2024-12-21 14:32:49.000000000 +0100
+++ gst-plugins-good1.0-1.22.0/debian/changelog	2025-08-20 20:44:45.000000000 +0200
@@ -1,3 +1,9 @@
+gst-plugins-good1.0 (1.22.0-5+deb12u3) bookworm; urgency=medium
+
+  * CVE-2025-47219
+
+ -- Moritz Mühlenhoff <jmm@debian.org>  Wed, 20 Aug 2025 20:44:45 +0200
+
 gst-plugins-good1.0 (1.22.0-5+deb12u2) bookworm-security; urgency=high
 
   * Non-maintainer upload by the Security Team.
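Review bot: the new changelog entry `+  * CVE-2025-47219` carries only the CVE identifier, so the changelog does not say what was fixed or where; stable-update entries normally name the component and the change so the entry is readable without opening the patch, e.g. `* CVE-2025-47219: qtdemux: check that at least 8 bytes remain for each stsd entry` (plus a bug reference if one exists). The hunk is otherwise fine: the entry is placed above the deb12u2 entry with the `bookworm` distribution and a well-formed trailer.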
diff -Nru gst-plugins-good1.0-1.22.0/debian/patches/CVE-2025-47219.patch gst-plugins-good1.0-1.22.0/debian/patches/CVE-2025-47219.patch
--- gst-plugins-good1.0-1.22.0/debian/patches/CVE-2025-47219.patch	1970-01-01 01:00:00.000000000 +0100
+++ gst-plugins-good1.0-1.22.0/debian/patches/CVE-2025-47219.patch	2025-08-20 20:44:38.000000000 +0200
@@ -0,0 +1,26 @@
+From b80803943388050cb870c95934fc52feeffb94ac Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Sat, 3 May 2025 09:43:32 +0300
+Subject: [PATCH] qtdemux: Check if enough bytes are available for each stsd
+ entry
+
+There must be at least 8 bytes for the length / fourcc of each entry. After
+reading those, the length is already validated against the remaining available
+bytes.
+
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/4407
+Fixes CVE-2025-47219
+
+--- gst-plugins-good1.0-1.22.0.orig/gst/isomp4/qtdemux.c
++++ gst-plugins-good1.0-1.22.0/gst/isomp4/qtdemux.c
+@@ -11315,6 +11315,10 @@ qtdemux_parse_trak (GstQTDemux * qtdemux
+     gchar *codec = NULL;
+     QtDemuxStreamStsdEntry *entry = &stream->stsd_entries[stsd_index];
+ 
++    /* needs at least length and fourcc */
++    if (remaining_stsd_len < 8)
++      goto corrupt_file;
++
+     /* and that entry should fit within stsd */
+     len = QT_UINT32 (stsd_entry_data);
+     if (len > remaining_stsd_len)
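Review bot: the added `if (remaining_stsd_len < 8) goto corrupt_file;` guards the read of the 4-byte length and the fourcc, but the visible context ends at `if (len > remaining_stsd_len)` and shows no lower bound on `len`; an entry whose `len` is smaller than 8 would pass that upper-bound check, so confirm that the surrounding qtdemux_parse_trak code rejects `len < 8` before an entry payload size is derived from `len`, or add `if (len < 8) goto corrupt_file;` next to the existing check. The check itself is placed correctly, before `QT_UINT32 (stsd_entry_data)` dereferences the entry. As a minor provenance point, the patch keeps the git-format-patch header (which DEP-3 accepts) but has no `Origin:` line; adding one that points at upstream commit b80803943388050cb870c95934fc52feeffb94ac would make the upstream source explicit without relying on the `From` line.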
diff -Nru gst-plugins-good1.0-1.22.0/debian/patches/series gst-plugins-good1.0-1.22.0/debian/patches/series
--- gst-plugins-good1.0-1.22.0/debian/patches/series	2024-12-21 14:32:49.000000000 +0100
+++ gst-plugins-good1.0-1.22.0/debian/patches/series	2025-08-20 20:44:13.000000000 +0200
@@ -30,3 +30,4 @@
 qtdemux-Actually-handle-errors-returns-from-various-.patch
 qtdemux-Check-for-invalid-atom-length-when-extractin.patch
 qtdemux-Add-size-check-for-parsing-SMI-SEQH-atom.patch
+CVE-2025-47219.patch
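Review bot: the new series entry `CVE-2025-47219.patch` breaks the naming used by the neighbouring entries, which are derived from the upstream commit subject (e.g. `qtdemux-Add-size-check-for-parsing-SMI-SEQH-atom.patch`); either rename it to match (`qtdemux-Check-if-enough-bytes-are-available-for-each-stsd-entry.patch`) or, if CVE-named files are the intended convention for security patches in this package, keep the name and mention the CVE in the patch header so both lookups work. Appending at the end of series is correct for a new upstream fix.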
