-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 21 Dec 2024 14:32:49 +0100 Source: gst-plugins-good1.0 Binary: gstreamer1.0-gtk3 gstreamer1.0-gtk3-dbgsym gstreamer1.0-plugins-good gstreamer1.0-plugins-good-dbgsym gstreamer1.0-pulseaudio gstreamer1.0-qt5 gstreamer1.0-qt5-dbgsym gstreamer1.0-qt6 gstreamer1.0-qt6-dbgsym Architecture: mipsel Version: 1.22.0-5+deb12u2 Distribution: bookworm-security Urgency: high Maintainer: mipsel Build Daemon (mipsel-osuosl-03) Changed-By: Salvatore Bonaccorso Description: gstreamer1.0-gtk3 - GStreamer plugin for GTK+3 gstreamer1.0-plugins-good - GStreamer plugins from the "good" set gstreamer1.0-pulseaudio - GStreamer plugin for PulseAudio (transitional package) gstreamer1.0-qt5 - GStreamer plugin for Qt5 gstreamer1.0-qt6 - GStreamer plugin for Qt6 Changes: gst-plugins-good1.0 (1.22.0-5+deb12u2) bookworm-security; urgency=high . * Non-maintainer upload by the Security Team. * qtdemux: Avoid integer overflow when parsing Theora extension (CVE-2024-47606, GHSL-2024-166) * jpegdec: Directly error out on negotiation failures (CVE-2024-47599, GHSL-2024-247) * gdkpixbufdec: Check if initializing the video info actually succeeded (CVE-2024-47613, GHSL-2024-118) * wavparse: Check for short reads when parsing headers in pull mode (CVE-2024-47778, GHSL-2024-258, CVE-2024-47776, GHSL-2024-260) * wavparse: Make sure enough data for the tag list tag is available before parsing (CVE-2024-47778, GHSL-2024-258) * wavparse: Fix parsing of acid chunk * wavparse: Check that at least 4 bytes are available before parsing cue chunks * wavparse: Check that at least 32 bytes are available before parsing smpl chunks (CVE-2024-47777, GHSL-2024-259) * wavparse: Fix clipping of size to the file size (CVE-2024-47776, GHSL-2024-260) * wavparse: Check size before reading ds64 chunk (CVE-2024-47775, GHSL-2024-261) * avisubtitle: Fix size checks and avoid overflows when checking sizes (CVE-2024-47774, GHSL-2024-262) * matroskademux: Only unmap GstMapInfo in WavPack header extraction error paths if previously mapped (CVE-2024-47540, GHSL-2024-197) * matroskademux: Fix off-by-one when parsing multi-channel WavPack * matroskademux: Check for big enough WavPack codec private data before accessing it (CVE-2024-47602, GHSL-2024-250) * matroskademux: Don't take data out of an empty adapter when processing WavPack frames (CVE-2024-47601, GHSL-2024-249) * matroskademux: Skip over laces directly when postprocessing the frame fails (CVE-2024-47601, GHSL-2024-249) * matroskademux: Skip over zero-sized Xiph stream headers (CVE-2024-47603, GHSL-2024-251) * matroskademux: Put a copy of the codec data into the A_MS/ACM caps (CVE-2024-47834, GHSL-2024-280) * qtdemux: Fix integer overflow when allocating the samples table for fragmented MP4 (CVE-2024-47537, GHSL-2024-094, GHSL-2024-237, GHSL-2024-241) * qtdemux: Fix debug output during trun parsing * qtdemux: Don't iterate over all trun entries if none of the flags are set * qtdemux: Check sizes of stsc/stco/stts before trying to merge entries (CVE-2024-47598, GHSL-2024-246) * qtdemux: Make sure only an even number of bytes is processed when handling CEA608 data (CVE-2024-47539, GHSL-2024-195) * qtdemux: Make sure enough data is available before reading wave header node (CVE-2024-47543, GHSL-2024-236) * qtdemux: Fix length checks and offsets in stsd entry parsing (CVE-2024-47545, GHSL-2024-242) * qtdemux: Fix error handling when parsing cenc sample groups fails (CVE-2024-47544, GHSL-2024-238, GHSL-2024-239, GHSL-2024-240) * qtdemux: Make sure there are enough offsets to read when parsing samples (CVE-2024-47597, GHSL-2024-245) * qtdemux: Actually handle errors returns from various functions instead of ignoring them (CVE-2024-47597, GHSL-2024-245) * qtdemux: Check for invalid atom length when extracting Closed Caption data (CVE-2024-47546, GHSL-2024-243) * qtdemux: Add size check for parsing SMI / SEQH atom (CVE-2024-47596, GHSL-2024-244) Checksums-Sha1: ffc33e6f0308be67b6a95799b13053674614d11a 24748 gst-plugins-good1.0_1.22.0-5+deb12u2_mipsel-buildd.buildinfo 3da64558b876f6d4addffc08e3a2a8d4e28fa097 89536 gstreamer1.0-gtk3-dbgsym_1.22.0-5+deb12u2_mipsel.deb 5322b32dedcee897004395d4d7fa905b6fb77bfc 90032 gstreamer1.0-gtk3_1.22.0-5+deb12u2_mipsel.deb d523ae08b32758147245d3bc97403ec608a40c2c 6234688 gstreamer1.0-plugins-good-dbgsym_1.22.0-5+deb12u2_mipsel.deb 8db1cf868369ffd60d9b8d7c6dc87dc286a6cca4 1999984 gstreamer1.0-plugins-good_1.22.0-5+deb12u2_mipsel.deb e90d59d243d0a0c200c70824f6f53df70288c053 72832 gstreamer1.0-pulseaudio_1.22.0-5+deb12u2_mipsel.deb 140ff1510bcd769b2a74370f98f7eda48ffc1aa3 1456368 gstreamer1.0-qt5-dbgsym_1.22.0-5+deb12u2_mipsel.deb 6df581d4950a82d59fb213421d8021400e9bd6e6 121952 gstreamer1.0-qt5_1.22.0-5+deb12u2_mipsel.deb ade0f8b18a819dcc44ce086c19c545c97a83d929 810388 gstreamer1.0-qt6-dbgsym_1.22.0-5+deb12u2_mipsel.deb e60c7faaab1bc79f0bb0e3db8131ac87c3f876ab 100056 gstreamer1.0-qt6_1.22.0-5+deb12u2_mipsel.deb Checksums-Sha256: 86c4f0d4e85ba212de641a35df86bfa5e1a331159b95c7eb3c90bf3cc74e086e 24748 gst-plugins-good1.0_1.22.0-5+deb12u2_mipsel-buildd.buildinfo 520395233b23fee10adff8c81a10b32f48e448b3b81e72b11d10eb44d1404ade 89536 gstreamer1.0-gtk3-dbgsym_1.22.0-5+deb12u2_mipsel.deb 05b1b2dbc027cef149edea23a7751ae9f141402053cac6b5ebd6d870f79240e2 90032 gstreamer1.0-gtk3_1.22.0-5+deb12u2_mipsel.deb 42106d8d02e6d26926b5ff6e3be7c6c8f5d4fef5ea962b70b99840beaf36277e 6234688 gstreamer1.0-plugins-good-dbgsym_1.22.0-5+deb12u2_mipsel.deb abae46cf21aa54a974d8362c7d862dde48e31ff9ac0c9ec0ccfd9a8b77a2a5ff 1999984 gstreamer1.0-plugins-good_1.22.0-5+deb12u2_mipsel.deb bab78b352c50f3c8098f7c5a31d0b1634607147ce410ab30395cb6307b0703a9 72832 gstreamer1.0-pulseaudio_1.22.0-5+deb12u2_mipsel.deb a9bdecd1adeb0ffee0a7c9bfa5c8cc8c60d50c392f269ba78b4c907121853072 1456368 gstreamer1.0-qt5-dbgsym_1.22.0-5+deb12u2_mipsel.deb 4ff36446e761bca6485b816dbe4919c21f5775db7f0e30d81e78f0908f05b933 121952 gstreamer1.0-qt5_1.22.0-5+deb12u2_mipsel.deb cec104d5291fa1f333ef69300088aa076340d4c6e58e74b6f1f2d40ef0eafe23 810388 gstreamer1.0-qt6-dbgsym_1.22.0-5+deb12u2_mipsel.deb 5139d7a9da27542c557e66f2e5f860495d9be2511d6331180da106fbe9be6e5a 100056 gstreamer1.0-qt6_1.22.0-5+deb12u2_mipsel.deb Files: 1ffa43fa25c78ab817d8b26be208bad2 24748 libs optional gst-plugins-good1.0_1.22.0-5+deb12u2_mipsel-buildd.buildinfo 6d8438c0c89d272d77ce60121b46acd4 89536 debug optional gstreamer1.0-gtk3-dbgsym_1.22.0-5+deb12u2_mipsel.deb 3f2d5883fcbbba73a6344b2009113975 90032 graphics optional gstreamer1.0-gtk3_1.22.0-5+deb12u2_mipsel.deb e002e4b13cb3c53efdbe9ba4adc43765 6234688 debug optional gstreamer1.0-plugins-good-dbgsym_1.22.0-5+deb12u2_mipsel.deb d9e2905ccd29f599fc5e78ab5759f141 1999984 libs optional gstreamer1.0-plugins-good_1.22.0-5+deb12u2_mipsel.deb 24de06c78c2e982a65f4f401e034844c 72832 oldlibs optional gstreamer1.0-pulseaudio_1.22.0-5+deb12u2_mipsel.deb a33a5ab4b37a41a8aae8c49d7e09e5b0 1456368 debug optional gstreamer1.0-qt5-dbgsym_1.22.0-5+deb12u2_mipsel.deb 4851ba8b5f7ebc789fe51883b4b261cb 121952 graphics optional gstreamer1.0-qt5_1.22.0-5+deb12u2_mipsel.deb 9044476e926d3b08931a46d1d641a4ae 810388 debug optional gstreamer1.0-qt6-dbgsym_1.22.0-5+deb12u2_mipsel.deb 5fee83784aec9433603b75f43def6288 100056 graphics optional gstreamer1.0-qt6_1.22.0-5+deb12u2_mipsel.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEunmvxaaGKuI+hxxClmZGXOM83t8FAmdnKpAACgkQlmZGXOM8 3t/5bA//eUcOPRwXf6sMPdg7m+GzND3GDRERO1uVnr9hvYDDbCoekIyP2O9e/Bbw fFkrmpNNPj1JpGh0IoiHmRV4Gz/G4KuNFOE3ryHI26aVnc++l70K7KrWmT89gxPt PExlqVs/geeJ21AalezH49xhCdoXjHdJ9vA1giACOW7RTnPeOG8vHhLt0NFeE28A MdFf1xpTvkbh+1wdWkxkwqcILuCM8o9KpTsZtA1euElomuKQczdknB5ztT1JVICl lOfb7OJBEe6gXmaVnzjh964m1DUyTDPGQjVmIt2RmNsFNpVzKT/cpKfaCipw1CR7 ralElxZ/fF9tetw6pr3OfH3JxmqKUY8Jr81Y/hMHiWJeZKGVUz5e4fKIkUwyBVMx sVo5AhzEOHE6ueT6BbnZ4umtJNAuwqWGitVZMNLb8te/X19+Dc2xgH2kTGjgjd2x /b4k5zcc735c23DrPf/R/KUG07byXwvv5fVNOiCo3mGZj8LRzpl5MnXCPeklfTG7 9wpEtPyUgMUPWeucHfbtG5X4NRyj4CG7UyihCXekpOzjxvQnI/lCK3fcUAZsyNFB mVTrPpKUYcw+jg1XAfp6dOrxdPaBD9yvVMgN7gdMsT/0b3zXbSVP9gKODTIL8on9 77Pekz8YE676fUm1M9Dacv4YekQYUQ2eveFQX+3RtmZV8KyZn7M= =7CFO -----END PGP SIGNATURE-----