-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 21 Dec 2024 14:32:49 +0100
Source: gst-plugins-good1.0
Binary: gstreamer1.0-gtk3 gstreamer1.0-gtk3-dbgsym gstreamer1.0-plugins-good gstreamer1.0-plugins-good-dbgsym gstreamer1.0-pulseaudio gstreamer1.0-qt5 gstreamer1.0-qt5-dbgsym gstreamer1.0-qt6 gstreamer1.0-qt6-dbgsym
Architecture: i386
Version: 1.22.0-5+deb12u2
Distribution: bookworm-security
Urgency: high
Maintainer: amd64 / i386 Build Daemon (x86-ubc-01)
Changed-By: Salvatore Bonaccorso
Description:
 gstreamer1.0-gtk3 - GStreamer plugin for GTK+3
 gstreamer1.0-plugins-good - GStreamer plugins from the "good" set
 gstreamer1.0-pulseaudio - GStreamer plugin for PulseAudio (transitional package)
 gstreamer1.0-qt5 - GStreamer plugin for Qt5
 gstreamer1.0-qt6 - GStreamer plugin for Qt6
Changes:
 gst-plugins-good1.0 (1.22.0-5+deb12u2) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * qtdemux: Avoid integer overflow when parsing Theora extension
     (CVE-2024-47606, GHSL-2024-166)
   * jpegdec: Directly error out on negotiation failures
     (CVE-2024-47599, GHSL-2024-247)
   * gdkpixbufdec: Check if initializing the video info actually succeeded
     (CVE-2024-47613, GHSL-2024-118)
   * wavparse: Check for short reads when parsing headers in pull mode
     (CVE-2024-47778, GHSL-2024-258, CVE-2024-47776, GHSL-2024-260)
   * wavparse: Make sure enough data for the tag list tag is available
     before parsing (CVE-2024-47778, GHSL-2024-258)
   * wavparse: Fix parsing of acid chunk
   * wavparse: Check that at least 4 bytes are available before parsing cue
     chunks
   * wavparse: Check that at least 32 bytes are available before parsing
     smpl chunks (CVE-2024-47777, GHSL-2024-259)
   * wavparse: Fix clipping of size to the file size
     (CVE-2024-47776, GHSL-2024-260)
   * wavparse: Check size before reading ds64 chunk
     (CVE-2024-47775, GHSL-2024-261)
   * avisubtitle: Fix size checks and avoid overflows when checking sizes
     (CVE-2024-47774, GHSL-2024-262)
   * matroskademux: Only unmap GstMapInfo in WavPack header extraction error
     paths if previously mapped (CVE-2024-47540, GHSL-2024-197)
   * matroskademux: Fix off-by-one when parsing multi-channel WavPack
   * matroskademux: Check for big enough WavPack codec private data before
     accessing it (CVE-2024-47602, GHSL-2024-250)
   * matroskademux: Don't take data out of an empty adapter when processing
     WavPack frames (CVE-2024-47601, GHSL-2024-249)
   * matroskademux: Skip over laces directly when postprocessing the frame
     fails (CVE-2024-47601, GHSL-2024-249)
   * matroskademux: Skip over zero-sized Xiph stream headers
     (CVE-2024-47603, GHSL-2024-251)
   * matroskademux: Put a copy of the codec data into the A_MS/ACM caps
     (CVE-2024-47834, GHSL-2024-280)
   * qtdemux: Fix integer overflow when allocating the samples table for
     fragmented MP4
     (CVE-2024-47537, GHSL-2024-094, GHSL-2024-237, GHSL-2024-241)
   * qtdemux: Fix debug output during trun parsing
   * qtdemux: Don't iterate over all trun entries if none of the flags are
     set
   * qtdemux: Check sizes of stsc/stco/stts before trying to merge entries
     (CVE-2024-47598, GHSL-2024-246)
   * qtdemux: Make sure only an even number of bytes is processed when
     handling CEA608 data (CVE-2024-47539, GHSL-2024-195)
   * qtdemux: Make sure enough data is available before reading wave header
     node (CVE-2024-47543, GHSL-2024-236)
   * qtdemux: Fix length checks and offsets in stsd entry parsing
     (CVE-2024-47545, GHSL-2024-242)
   * qtdemux: Fix error handling when parsing cenc sample groups fails
     (CVE-2024-47544, GHSL-2024-238, GHSL-2024-239, GHSL-2024-240)
   * qtdemux: Make sure there are enough offsets to read when parsing
     samples (CVE-2024-47597, GHSL-2024-245)
   * qtdemux: Actually handle errors returns from various functions instead
     of ignoring them (CVE-2024-47597, GHSL-2024-245)
   * qtdemux: Check for invalid atom length when extracting Closed Caption
     data (CVE-2024-47546, GHSL-2024-243)
   * qtdemux: Add size check for parsing SMI / SEQH atom
     (CVE-2024-47596, GHSL-2024-244)
Checksums-Sha1: