-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 21 Dec 2024 14:32:49 +0100
Source: gst-plugins-good1.0
Binary: gstreamer1.0-gtk3 gstreamer1.0-gtk3-dbgsym gstreamer1.0-plugins-good gstreamer1.0-plugins-good-dbgsym gstreamer1.0-pulseaudio gstreamer1.0-qt5 gstreamer1.0-qt5-dbgsym gstreamer1.0-qt6 gstreamer1.0-qt6-dbgsym
Architecture: armhf
Version: 1.22.0-5+deb12u2
Distribution: bookworm-security
Urgency: high
Maintainer: arm Build Daemon (arm-ubc-01)
Changed-By: Salvatore Bonaccorso
Description:
 gstreamer1.0-gtk3 - GStreamer plugin for GTK+3
 gstreamer1.0-plugins-good - GStreamer plugins from the "good" set
 gstreamer1.0-pulseaudio - GStreamer plugin for PulseAudio (transitional package)
 gstreamer1.0-qt5 - GStreamer plugin for Qt5
 gstreamer1.0-qt6 - GStreamer plugin for Qt6
Changes:
 gst-plugins-good1.0 (1.22.0-5+deb12u2) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * qtdemux: Avoid integer overflow when parsing Theora extension
     (CVE-2024-47606, GHSL-2024-166)
   * jpegdec: Directly error out on negotiation failures
     (CVE-2024-47599, GHSL-2024-247)
   * gdkpixbufdec: Check if initializing the video info actually succeeded
     (CVE-2024-47613, GHSL-2024-118)
   * wavparse: Check for short reads when parsing headers in pull mode
     (CVE-2024-47778, GHSL-2024-258, CVE-2024-47776, GHSL-2024-260)
   * wavparse: Make sure enough data for the tag list tag is available before
     parsing (CVE-2024-47778, GHSL-2024-258)
   * wavparse: Fix parsing of acid chunk
   * wavparse: Check that at least 4 bytes are available before parsing cue
     chunks
   * wavparse: Check that at least 32 bytes are available before parsing smpl
     chunks (CVE-2024-47777, GHSL-2024-259)
   * wavparse: Fix clipping of size to the file size
     (CVE-2024-47776, GHSL-2024-260)
   * wavparse: Check size before reading ds64 chunk
     (CVE-2024-47775, GHSL-2024-261)
   * avisubtitle: Fix size checks and avoid overflows when checking sizes
     (CVE-2024-47774, GHSL-2024-262)
   * matroskademux: Only unmap GstMapInfo in WavPack header extraction error
     paths if previously mapped (CVE-2024-47540, GHSL-2024-197)
   * matroskademux: Fix off-by-one when parsing multi-channel WavPack
   * matroskademux: Check for big enough WavPack codec private data before
     accessing it (CVE-2024-47602, GHSL-2024-250)
   * matroskademux: Don't take data out of an empty adapter when processing
     WavPack frames (CVE-2024-47601, GHSL-2024-249)
   * matroskademux: Skip over laces directly when postprocessing the frame
     fails (CVE-2024-47601, GHSL-2024-249)
   * matroskademux: Skip over zero-sized Xiph stream headers
     (CVE-2024-47603, GHSL-2024-251)
   * matroskademux: Put a copy of the codec data into the A_MS/ACM caps
     (CVE-2024-47834, GHSL-2024-280)
   * qtdemux: Fix integer overflow when allocating the samples table for
     fragmented MP4
     (CVE-2024-47537, GHSL-2024-094, GHSL-2024-237, GHSL-2024-241)
   * qtdemux: Fix debug output during trun parsing
   * qtdemux: Don't iterate over all trun entries if none of the flags are set
   * qtdemux: Check sizes of stsc/stco/stts before trying to merge entries
     (CVE-2024-47598, GHSL-2024-246)
   * qtdemux: Make sure only an even number of bytes is processed when
     handling CEA608 data (CVE-2024-47539, GHSL-2024-195)
   * qtdemux: Make sure enough data is available before reading wave header
     node (CVE-2024-47543, GHSL-2024-236)
   * qtdemux: Fix length checks and offsets in stsd entry parsing
     (CVE-2024-47545, GHSL-2024-242)
   * qtdemux: Fix error handling when parsing cenc sample groups fails
     (CVE-2024-47544, GHSL-2024-238, GHSL-2024-239, GHSL-2024-240)
   * qtdemux: Make sure there are enough offsets to read when parsing samples
     (CVE-2024-47597, GHSL-2024-245)
   * qtdemux: Actually handle errors returns from various functions instead
     of ignoring them (CVE-2024-47597, GHSL-2024-245)
   * qtdemux: Check for invalid atom length when extracting Closed Caption
     data (CVE-2024-47546, GHSL-2024-243)
   * qtdemux: Add size check for parsing SMI / SEQH atom
     (CVE-2024-47596, GHSL-2024-244)
Checksums-Sha1: