[SECURITY] [DSA 5702-1] gst-plugins-base1.0 security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 5702-1] gst-plugins-base1.0 security update
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Sat, 01 Jun 2024 07:20:41 +0000
Message-id: <[🔎] E1sDJ2f-009U2A-FU@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5702-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
June 01, 2024                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : gst-plugins-base1.0
CVE ID         : CVE-2024-4453

An integer overflow in the EXIF metadata parsing was discovered in the
GStreamer media framework, which may result in denial of service or
potentially the execution of arbitrary code if a malformed file is
processed.

For the oldstable distribution (bullseye), this problem has been fixed
in version 1.18.4-2+deb11u2.

For the stable distribution (bookworm), this problem has been fixed in
version 1.22.0-3+deb12u2.

We recommend that you upgrade your gst-plugins-base1.0 packages.

For the detailed security status of gst-plugins-base1.0 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gst-plugins-base1.0

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmZay4pfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0RlARAAmIfIncL6OtrDoqmsIdVoAhc3ouI+X6X+GdkTellF4MUxo5e5t7L4AwNC
SxLAHqbqEgYRicB4pn6gv8AMBzN1Sn/8i3l8V74Eh93IVaId11hbXPEY4YUM3/Md
bHQNf8HYkBxfB0PbkuuIWiZpxRTbI9eyo0TwzzF4r74J2032k3hH5hHA+dbO8RiU
l//tv3WYpimyL6xrtxM7duws9r3iloEgUNHC2igJVZ0VRnYfmhIF23euzbcCbOal
pufHn7DR5CSbp0y2DMDIjwOu14ZJSvvgKzr1knH2t/zW2TuHnVwbDoSP1KBvpcqe
8kaSKcIJZoetxsIv/5wNoVj2IikDUomFO02QPGXIEuMrzYc7ZkX8JC4/+6dgRzKX
gFzPXuAU7gHtcmLLfIRnMkg5FVsbJfSUXDaL5tTW5YZ8aSoBUMHn/dNzfJXGn2oE
0nVce4cf0JpeTwMFYs9xT7xn0XCU8CggUjODGY11jGowPpgOXnLO3y08tx6iJ34M
QPcFSbhFkrRCgWXEhLTF9N0xpnmiYM0VanA3m2zJlBacotOfEG3ipeRrHylMTUun
9ATrxXWvVNY5hSSB7eK9X6RBSvRdtDPzJ5gzbk3zlH7MKIIyx6CiI+Zx51I292K3
6kmi9zmyFBZgnBzPX2Eigp0bNNZlRwOlOFYKwClcdsgO5yvaxX4=
=f9Uv
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 5701-1] chromium security update
Next by Date: [SECURITY] [DSA 5703-1] linux security update
Previous by thread: [SECURITY] [DSA 5701-1] chromium security update
Next by thread: [SECURITY] [DSA 5703-1] linux security update
Index(es):
- Date
- Thread