[SECURITY] [DSA 5941-1] gst-plugins-bad1.0 security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 5941-1] gst-plugins-bad1.0 security update
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Wed, 11 Jun 2025 18:56:41 +0000
Message-id: <[🔎] aEnRaQMFkRiAloQS@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5941-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
June 11, 2025                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : gst-plugins-bad1.0
CVE ID         : CVE-2025-3887

Multiple vulnerabilities were discovered in the H.265 plugin for the
GStreamer media framework, which may result in denial of service or
potentially the execution of arbitrary code if a malformed media file
is opened.

For the stable distribution (bookworm), this problem has been fixed in
version 1.22.0-4+deb12u6.

We recommend that you upgrade your gst-plugins-bad1.0 packages.

For the detailed security status of gst-plugins-bad1.0 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gst-plugins-bad1.0

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmhJ0UkACgkQEMKTtsN8
TjZ7mQ//QQkdG8FsO/Cx6+DcQcgY5Ybt4FHCTNt7M8YpGBBW8NhwEVjYXtBwfaHj
WBuo2fEX+ME4+RLw2YGVGWqdCN5VsOMDgokJTJsw2IYdyBgM4UBjcrT05a7vwS96
tdGBmsFF3GkM25CbnaYwXvSrxhycsjBRRuA41B5hg7c8/jHp6mC/M8Dc12gUsuAr
xnFsSQaIzZtCZcE1lGXWkB34pDX7x8+etrQlT9N2c5LGg0YsxwyXgD+5ni6YoHYE
YqRqwZk4QyQ5/R5HAb1RiH7oKkELmgSnP+orLrUANditcAnIRPZ7gI1vDADDAk5f
C4cCwaSx7YBxySU5m7M3tiMKOTsHez4NMnTt4SgRJg/1++acx7CIIH7APd4lCia9
TO+CJSjokfcKvG2A8IDFiVO0qc3/1F/5xGSc6bpjqOVytcRNg8L8nJaJtBRBH1hV
idrw2SY5xJoTXLgM5gOyTCiJ/oKHF/cDWuXTEufg7KO2COXuj9tpN4oGf+7/7OIH
ls/xyMv+YgvvShOj8bofEBQHkjSHQfho0b4lK97N8Ko/C7vUp5EdSI5+mu522zpN
yBOPCFKGHLKJYH6Jx0kLXQG2lBKh1Oe+2Yw8EiFkBLm12QMdc/oCZoardLXwl8sJ
4tg7MLuWmVA0BKB4VUSclAm7kMkAvQ0DAQeloumMgPEP5p/L4zw=
=fj/F
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 5940-1] modsecurity-apache security update
Next by Date: [SECURITY] [DSA 5942-1] chromium security update
Previous by thread: [SECURITY] [DSA 5940-1] modsecurity-apache security update
Next by thread: [SECURITY] [DSA 5942-1] chromium security update
Index(es):
- Date
- Thread