[ubuntu/noble-proposed] gst-plugins-bad1.0 1.22.4-1ubuntu2 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Tue Nov 28 17:30:14 UTC 2023


gst-plugins-bad1.0 (1.22.4-1ubuntu2) noble; urgency=medium

  * SECURITY UPDATE: integer overflow in MXF file handling
    - debian/patches/CVE-2023-40474.patch: fix integer overflow causing out
      of bounds writes when handling invalid uncompressed video in
      gst/mxf/mxfup.c.
    - CVE-2023-40474
  * SECURITY UPDATE: integer overflow in MXF file handling
    - debian/patches/CVE-2023-40475.patch: check number of channels for
      AES3 audio in gst/mxf/mxfd10.c.
    - CVE-2023-40475
  * SECURITY UPDATE: integer overflow in H.265 video parser
    - debian/patches/CVE-2023-40476.patch: fix possible overflow using
      max_sub_layers_minus1 in gst-libs/gst/codecparsers/gsth265parser.c.
    - CVE-2023-40476
  * SECURITY UPDATE: AV1 codec parser buffer overflow
    - debian/patches/CVE-2023-44429.patch: clip max tile rows and cols
      values in gst-libs/gst/codecparsers/gstav1parser.c.
    - CVE-2023-44429
  * SECURITY UPDATE: MXF demuxer use-after-free
    - debian/patches/CVE-2023-44446.patch: store GstMXFDemuxEssenceTrack in
      their own fixed allocation in gst/mxf/mxfdemux.*.
    - CVE-2023-44446

Date: Tue, 28 Nov 2023 11:29:21 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/gst-plugins-bad1.0/1.22.4-1ubuntu2
-------------- next part --------------
Format: 1.8
Date: Tue, 28 Nov 2023 11:29:21 -0500
Source: gst-plugins-bad1.0
Built-For-Profiles: noudeb
Architecture: source
Version: 1.22.4-1ubuntu2
Distribution: noble
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Original-Maintainer: Maintainers of GStreamer packages <gst-plugins-bad1.0 at packages.debian.org>

