• Accepted gst-plugins-good1.0 1.22.0-5+deb12u2 (source) into proposed-up

    From Debian FTP Masters@21:1/5 to All on Sun Dec 29 18:40:01 2024
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    Format: 1.8
    Date: Sat, 21 Dec 2024 14:32:49 +0100
    Source: gst-plugins-good1.0
    Architecture: source
    Version: 1.22.0-5+deb12u2
    Distribution: bookworm-security
    Urgency: high
    Maintainer: Maintainers of GStreamer packages <gst-plugins-good1.0@packages.debian.org>
    Changed-By: Salvatore Bonaccorso <carnil@debian.org>
    Changes:
    gst-plugins-good1.0 (1.22.0-5+deb12u2) bookworm-security; urgency=high
    .
    * Non-maintainer upload by the Security Team.
    * qtdemux: Avoid integer overflow when parsing Theora extension
      (CVE-2024-47606, GHSL-2024-166)
    * jpegdec: Directly error out on negotiation failures (CVE-2024-47599,
      GHSL-2024-247)
    * gdkpixbufdec: Check if initializing the video info actually succeeded
      (CVE-2024-47613, GHSL-2024-118)
    * wavparse: Check for short reads when parsing headers in pull mode
      (CVE-2024-47778, GHSL-2024-258, CVE-2024-47776, GHSL-2024-260)
    * wavparse: Make sure enough data for the tag list tag is available before
      parsing (CVE-2024-47778, GHSL-2024-258)
    * wavparse: Fix parsing of acid chunk
    * wavparse: Check that at least 4 bytes are available before parsing cue
      chunks
    * wavparse: Check that at least 32 bytes are available before parsing smpl
      chunks (CVE-2024-47777, GHSL-2024-259)
    * wavparse: Fix clipping of size to the file size (CVE-2024-47776,
      GHSL-2024-260)
    * wavparse: Check size before reading ds64 chunk (CVE-2024-47775,
      GHSL-2024-261)
    * avisubtitle: Fix size checks and avoid overflows when checking sizes
      (CVE-2024-47774, GHSL-2024-262)
    * matroskademux: Only unmap GstMapInfo in WavPack header extraction error
      paths if previously mapped (CVE-2024-47540, GHSL-2024-197)
    * matroskademux: Fix off-by-one when parsing multi-channel WavPack
    * matroskademux: Check for big enough WavPack codec private data before
      accessing it (CVE-2024-47602, GHSL-2024-250)
    * matroskademux: Don't take data out of an empty adapter when processing
      WavPack frames (CVE-2024-47601, GHSL-2024-249)
    * matroskademux: Skip over laces directly when postprocessing the frame
      fails (CVE-2024-47601, GHSL-2024-249)
    * matroskademux: Skip over zero-sized Xiph stream headers (CVE-2024-47603,
      GHSL-2024-251)
    * matroskademux: Put a copy of the codec data into the A_MS/ACM caps
      (CVE-2024-47834, GHSL-2024-280)
    * qtdemux: Fix integer overflow when allocating the samples table for
      fragmented MP4 (CVE-2024-47537, GHSL-2024-094, GHSL-2024-237,
      GHSL-2024-241)
    * qtdemux: Fix debug output during trun parsing
    * qtdemux: Don't iterate over all trun entries if none of the flags are set
    * qtdemux: Check sizes of stsc/stco/stts before trying to merge entries
      (CVE-2024-47598, GHSL-2024-246)
    * qtdemux: Make sure only an even number of bytes is processed when handling
      CEA608 data (CVE-2024-47539, GHSL-2024-195)
    * qtdemux: Make sure enough data is available before reading wave header
      node (CVE-2024-47543, GHSL-2024-236)
    * qtdemux: Fix length checks and offsets in stsd entry parsing
      (CVE-2024-47545, GHSL-2024-242)
    * qtdemux: Fix error handling when parsing cenc sample groups fails
      (CVE-2024-47544, GHSL-2024-238, GHSL-2024-239, GHSL-2024-240)
    * qtdemux: Make sure there are enough offsets to read when parsing samples
      (CVE-2024-47597, GHSL-2024-245)
    * qtdemux: Actually handle error returns from various functions instead of
      ignoring them (CVE-2024-47597, GHSL-2024-245)
    * qtdemux: Check for invalid atom length when extracting Closed Caption data
      (CVE-2024-47546, GHSL-2024-243)
    * qtdemux: Add size check for parsing SMI / SEQH atom (CVE-2024-47596,
      GHSL-2024-244)
    Checksums-Sha1:
    1b656108db9b766a07f582dbb7c1f1f95ebf6dbb 4960 gst-plugins-good1.0_1.22.0-5+deb12u2.dsc
    6531cb9f931e9490fb77c6102352f66fb1c81277 54904 gst-plugins-good1.0_1.22.0-5+deb12u2.debian.tar.xz
    Checksums-Sha256:
    83a86de2c89dbb719b5aa306f69c5cf67c6732381d05f78eab8f1ca0411bb1d1 4960 gst-plugins-good1.0_1.22.0-5+deb12u2.dsc
    cf4b0b149c797d4cb255d2e90adaf9502ddd0d7c2e565e2c357deaf8ec3858c2 54904 gst-plugins-good1.0_1.22.0-5+deb12u2.debian.tar.xz
    Files:
    eaa10a8d325ee579b9e5b8165ef4a378 4960 libs optional gst-plugins-good1.0_1.22.0-5+deb12u2.dsc
    1853fef1516a269f8e418a7bb90a6f90 54904 libs optional gst-plugins-good1.0_1.22.0-5+deb12u2.debian.tar.xz


    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)