-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 21 Dec 2024 14:32:49 +0100
Source: gst-plugins-good1.0
Architecture: source
Version: 1.22.0-5+deb12u2
Distribution: bookworm-security
Urgency: high
Maintainer: Maintainers of GStreamer packages
Changed-By: Salvatore Bonaccorso
Changes:
 gst-plugins-good1.0 (1.22.0-5+deb12u2) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * qtdemux: Avoid integer overflow when parsing Theora extension
     (CVE-2024-47606, GHSL-2024-166)
   * jpegdec: Directly error out on negotiation failures
     (CVE-2024-47599, GHSL-2024-247)
   * gdkpixbufdec: Check if initializing the video info actually succeeded
     (CVE-2024-47613, GHSL-2024-118)
   * wavparse: Check for short reads when parsing headers in pull mode
     (CVE-2024-47778, GHSL-2024-258, CVE-2024-47776, GHSL-2024-260)
   * wavparse: Make sure enough data for the tag list tag is available
     before parsing (CVE-2024-47778, GHSL-2024-258)
   * wavparse: Fix parsing of acid chunk
   * wavparse: Check that at least 4 bytes are available before parsing cue
     chunks
   * wavparse: Check that at least 32 bytes are available before parsing
     smpl chunks (CVE-2024-47777, GHSL-2024-259)
   * wavparse: Fix clipping of size to the file size
     (CVE-2024-47776, GHSL-2024-260)
   * wavparse: Check size before reading ds64 chunk
     (CVE-2024-47775, GHSL-2024-261)
   * avisubtitle: Fix size checks and avoid overflows when checking sizes
     (CVE-2024-47774, GHSL-2024-262)
   * matroskademux: Only unmap GstMapInfo in WavPack header extraction error
     paths if previously mapped (CVE-2024-47540, GHSL-2024-197)
   * matroskademux: Fix off-by-one when parsing multi-channel WavPack
   * matroskademux: Check for big enough WavPack codec private data before
     accessing it (CVE-2024-47602, GHSL-2024-250)
   * matroskademux: Don't take data out of an empty adapter when processing
     WavPack frames (CVE-2024-47601, GHSL-2024-249)
   * matroskademux: Skip over laces directly when postprocessing the frame
     fails (CVE-2024-47601, GHSL-2024-249)
   * matroskademux: Skip over zero-sized Xiph stream headers
     (CVE-2024-47603, GHSL-2024-251)
   * matroskademux: Put a copy of the codec data into the A_MS/ACM caps
     (CVE-2024-47834, GHSL-2024-280)
   * qtdemux: Fix integer overflow when allocating the samples table for
     fragmented MP4 (CVE-2024-47537, GHSL-2024-094, GHSL-2024-237,
     GHSL-2024-241)
   * qtdemux: Fix debug output during trun parsing
   * qtdemux: Don't iterate over all trun entries if none of the flags are
     set
   * qtdemux: Check sizes of stsc/stco/stts before trying to merge entries
     (CVE-2024-47598, GHSL-2024-246)
   * qtdemux: Make sure only an even number of bytes is processed when
     handling CEA608 data (CVE-2024-47539, GHSL-2024-195)
   * qtdemux: Make sure enough data is available before reading wave header
     node (CVE-2024-47543, GHSL-2024-236)
   * qtdemux: Fix length checks and offsets in stsd entry parsing
     (CVE-2024-47545, GHSL-2024-242)
   * qtdemux: Fix error handling when parsing cenc sample groups fails
     (CVE-2024-47544, GHSL-2024-238, GHSL-2024-239, GHSL-2024-240)
   * qtdemux: Make sure there are enough offsets to read when parsing
     samples (CVE-2024-47597, GHSL-2024-245)
   * qtdemux: Actually handle error returns from various functions instead
     of ignoring them (CVE-2024-47597, GHSL-2024-245)
   * qtdemux: Check for invalid atom length when extracting Closed Caption
     data (CVE-2024-47546, GHSL-2024-243)
   * qtdemux: Add size check for parsing SMI / SEQH atom
     (CVE-2024-47596, GHSL-2024-244)
Checksums-Sha1:
 1b656108db9b766a07f582dbb7c1f1f95ebf6dbb 4960 gst-plugins-good1.0_1.22.0-5+deb12u2.dsc
 6531cb9f931e9490fb77c6102352f66fb1c81277 54904 gst-plugins-good1.0_1.22.0-5+deb12u2.debian.tar.xz
Checksums-Sha256:
 83a86de2c89dbb719b5aa306f69c5cf67c6732381d05f78eab8f1ca0411bb1d1 4960 gst-plugins-good1.0_1.22.0-5+deb12u2.dsc
 cf4b0b149c797d4cb255d2e90adaf9502ddd0d7c2e565e2c357deaf8ec3858c2 54904 gst-plugins-good1.0_1.22.0-5+deb12u2.debian.tar.xz
Files:
 eaa10a8d325ee579b9e5b8165ef4a378 4960 libs optional gst-plugins-good1.0_1.22.0-5+deb12u2.dsc
 1853fef1516a269f8e418a7bb90a6f90 54904 libs optional gst-plugins-good1.0_1.22.0-5+deb12u2.debian.tar.xz