Format: 1.8
Date: Sat, 21 Dec 2024 14:32:49 +0100
Source: gst-plugins-good1.0
Binary: gstreamer1.0-gtk3 gstreamer1.0-gtk3-dbgsym gstreamer1.0-plugins-good gstreamer1.0-plugins-good-dbgsym gstreamer1.0-pulseaudio gstreamer1.0-qt5 gstreamer1.0-qt5-dbgsym gstreamer1.0-qt6 gstreamer1.0-qt6-dbgsym
Architecture: armel
Version: 1.22.0-5+deb12u2
Distribution: bookworm-security
Urgency: high
Maintainer: arm Build Daemon (arm-ubc-04)
Changed-By: Salvatore Bonaccorso
Description:
 gstreamer1.0-gtk3 - GStreamer plugin for GTK+3
 gstreamer1.0-plugins-good - GStreamer plugins from the "good" set
 gstreamer1.0-pulseaudio - GStreamer plugin for PulseAudio (transitional package)
 gstreamer1.0-qt5 - GStreamer plugin for Qt5
 gstreamer1.0-qt6 - GStreamer plugin for Qt6
Changes:
 gst-plugins-good1.0 (1.22.0-5+deb12u2) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * qtdemux: Avoid integer overflow when parsing Theora extension
     (CVE-2024-47606, GHSL-2024-166)
   * jpegdec: Directly error out on negotiation failures
     (CVE-2024-47599, GHSL-2024-247)
   * gdkpixbufdec: Check if initializing the video info actually succeeded
     (CVE-2024-47613, GHSL-2024-118)
   * wavparse: Check for short reads when parsing headers in pull mode
     (CVE-2024-47778, GHSL-2024-258, CVE-2024-47776, GHSL-2024-260)
   * wavparse: Make sure enough data for the tag list tag is available before
     parsing (CVE-2024-47778, GHSL-2024-258)
   * wavparse: Fix parsing of acid chunk
   * wavparse: Check that at least 4 bytes are available before parsing cue
     chunks
   * wavparse: Check that at least 32 bytes are available before parsing smpl
     chunks (CVE-2024-47777, GHSL-2024-259)
   * wavparse: Fix clipping of size to the file size
     (CVE-2024-47776, GHSL-2024-260)
   * wavparse: Check size before reading ds64 chunk
     (CVE-2024-47775, GHSL-2024-261)
   * avisubtitle: Fix size checks and avoid overflows when checking sizes
     (CVE-2024-47774, GHSL-2024-262)
   * matroskademux: Only unmap GstMapInfo in WavPack header extraction error
     paths if previously mapped (CVE-2024-47540, GHSL-2024-197)
   * matroskademux: Fix off-by-one when parsing multi-channel WavPack
   * matroskademux: Check for big enough WavPack codec private data before
     accessing it (CVE-2024-47602, GHSL-2024-250)
   * matroskademux: Don't take data out of an empty adapter when processing
     WavPack frames (CVE-2024-47601, GHSL-2024-249)
   * matroskademux: Skip over laces directly when postprocessing the frame
     fails (CVE-2024-47601, GHSL-2024-249)
   * matroskademux: Skip over zero-sized Xiph stream headers
     (CVE-2024-47603, GHSL-2024-251)
   * matroskademux: Put a copy of the codec data into the A_MS/ACM caps
     (CVE-2024-47834, GHSL-2024-280)
   * qtdemux: Fix integer overflow when allocating the samples table for
     fragmented MP4 (CVE-2024-47537, GHSL-2024-094, GHSL-2024-237,
     GHSL-2024-241)
   * qtdemux: Fix debug output during trun parsing
   * qtdemux: Don't iterate over all trun entries if none of the flags are set
   * qtdemux: Check sizes of stsc/stco/stts before trying to merge entries
     (CVE-2024-47598, GHSL-2024-246)
   * qtdemux: Make sure only an even number of bytes is processed when
     handling CEA608 data (CVE-2024-47539, GHSL-2024-195)
   * qtdemux: Make sure enough data is available before reading wave header
     node (CVE-2024-47543, GHSL-2024-236)
   * qtdemux: Fix length checks and offsets in stsd entry parsing
     (CVE-2024-47545, GHSL-2024-242)
   * qtdemux: Fix error handling when parsing cenc sample groups fails
     (CVE-2024-47544, GHSL-2024-238, GHSL-2024-239, GHSL-2024-240)
   * qtdemux: Make sure there are enough offsets to read when parsing samples
     (CVE-2024-47597, GHSL-2024-245)
   * qtdemux: Actually handle errors returns from various functions instead
     of ignoring them (CVE-2024-47597, GHSL-2024-245)
   * qtdemux: Check for invalid atom length when extracting Closed Caption
     data (CVE-2024-47546, GHSL-2024-243)
   * qtdemux: Add size check for parsing SMI / SEQH atom
     (CVE-2024-47596, GHSL-2024-244)