[ubuntu/noble-proposed] gst-plugins-bad1.0 1.22.9-1ubuntu1 (Accepted)

Jeremy Bícha jbicha at ubuntu.com
Fri Feb 2 15:34:13 UTC 2024 

gst-plugins-bad1.0 (1.22.9-1ubuntu1) noble; urgency=medium

  * Merge with Debian. Remaining changes:
    - Don't build wpewebkit plugins
    - Stop installing camerabin2 basecamerabin jpegformat - plugins which have
      moved to -good.
    - Have gstreamer-plugins-bad-1.0.pc Require gstreamer-plugins-good-1.0 -
      the package we've moved the referenced plugins to. This maintains
      compatibility with upstream software and other distributions.
    - Don't build the opencv binary packages on i386, avoiding a large tree
      of numeric-related dependencies for a binary package it's not required
      to support.
    - d/control, d/gstreamer1.0-plugins-bad.install, d/rules:
      + Don't require these Build-Depends on i386:
        - libltc-dev, libfreeaptx-dev, libqrencode-dev, libzxing-dev, glslc,
          libdirectfb-dev, liblrdf0-dev, libneon27-dev
  * Drop backported CVE patches included in new release
  * debian/gbp.conf: Use ubuntu/latest branch (on Salsa)

gst-plugins-bad1.0 (1.22.9-1) unstable; urgency=high

  * Team upload
  * New upstream version 1.22.9
    - CVE-2024-0444 (ZDI-CAN-22873, GStreamer-SA-2024-001):
      AV1 codec parser potential buffer overflow during list tile parsing
  * Run wrap-and-sort

gst-plugins-bad1.0 (1.22.8-1) unstable; urgency=high

  * Team upload.
  * New upstream version 1.22.8
    - ZDI-CAN-22300: Heap-based buffer overflow in the AV1 codec parser
      when handling certain malformed streams before GStreamer 1.22.8
  * d/patches: skip netsim test. Mitigates: #1052660

gst-plugins-bad1.0 (1.22.7-1) unstable; urgency=high

  * Team upload
  * New upstream release
    (Closes: #1056101, #1056102, #1053259, #1053260, #1053261)
    - CVE-2023-40474: integer overflow in MXF file handling
    - CVE-2023-40475: integer overflow in MXF file handling
    - CVE-2023-40476: integer overflow in H.265 video parser
    - CVE-2023-44429: AV1 codec parser buffer overflow
    - CVE-2023-44446: MXF demuxer use-after-free
  * Update libzxing-dev Build-Depends (Closes: #1054382)

Date: Fri, 02 Feb 2024 10:16:57 -0500
Changed-By: Jeremy Bícha <jbicha at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/gst-plugins-bad1.0/1.22.9-1ubuntu1
-------------- next part --------------
Format: 1.8
Date: Fri, 02 Feb 2024 10:16:57 -0500
Source: gst-plugins-bad1.0
Built-For-Profiles: noudeb
Architecture: source
Version: 1.22.9-1ubuntu1
Distribution: noble
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Jeremy Bícha <jbicha at ubuntu.com>
Closes: 1053259 1053260 1053261 1054382 1056101 1056102
Changes:
 gst-plugins-bad1.0 (1.22.9-1ubuntu1) noble; urgency=medium
 .
   * Merge with Debian. Remaining changes:
     - Don't build wpewebkit plugins
     - Stop installing camerabin2 basecamerabin jpegformat - plugins which have
       moved to -good.
     - Have gstreamer-plugins-bad-1.0.pc Require gstreamer-plugins-good-1.0 -
       the package we've moved the referenced plugins to. This maintains
       compatibility with upstream software and other distributions.
     - Don't build the opencv binary packages on i386, avoiding a large tree
       of numeric-related dependencies for a binary package it's not required
       to support.
     - d/control, d/gstreamer1.0-plugins-bad.install, d/rules:
       + Don't require these Build-Depends on i386:
         - libltc-dev, libfreeaptx-dev, libqrencode-dev, libzxing-dev, glslc,
           libdirectfb-dev, liblrdf0-dev, libneon27-dev
   * Drop backported CVE patches included in new release
   * debian/gbp.conf: Use ubuntu/latest branch (on Salsa)
 .
 gst-plugins-bad1.0 (1.22.9-1) unstable; urgency=high
 .
   * Team upload
   * New upstream version 1.22.9
     - CVE-2024-0444 (ZDI-CAN-22873, GStreamer-SA-2024-001):
       AV1 codec parser potential buffer overflow during list tile parsing
   * Run wrap-and-sort
 .
 gst-plugins-bad1.0 (1.22.8-1) unstable; urgency=high
 .
   * Team upload.
   * New upstream version 1.22.8
     - ZDI-CAN-22300: Heap-based buffer overflow in the AV1 codec parser
       when handling certain malformed streams before GStreamer 1.22.8
   * d/patches: skip netsim test. Mitigates: #1052660
 .
 gst-plugins-bad1.0 (1.22.7-1) unstable; urgency=high
 .
   * Team upload
   * New upstream release
     (Closes: #1056101, #1056102, #1053259, #1053260, #1053261)
     - CVE-2023-40474: integer overflow in MXF file handling
     - CVE-2023-40475: integer overflow in MXF file handling
     - CVE-2023-40476: integer overflow in H.265 video parser
     - CVE-2023-44429: AV1 codec parser buffer overflow
     - CVE-2023-44446: MXF demuxer use-after-free
   * Update libzxing-dev Build-Depends (Closes: #1054382)
Checksums-Sha1:
 d46034eaa37af612965d3b63edeca7c378581316 5899 gst-plugins-bad1.0_1.22.9-1ubuntu1.dsc
 c68a796798631106bbd385abc645419d585cb414 5547444 gst-plugins-bad1.0_1.22.9.orig.tar.xz
 195c76d034539328d74f243ed1ab4e773be76c2b 833 gst-plugins-bad1.0_1.22.9.orig.tar.xz.asc
 278d8986e4f46e10633fcff5dbf49dbded28bd71 46348 gst-plugins-bad1.0_1.22.9-1ubuntu1.debian.tar.xz
 444df02b5e515884d6d4f01bdb9f127add8c5a2f 28263 gst-plugins-bad1.0_1.22.9-1ubuntu1_source.buildinfo
Checksums-Sha256:
 6c1cd015768872d5bd516f19514682bb49c3426c0ebc4ee17bace37276c2c11f 5899 gst-plugins-bad1.0_1.22.9-1ubuntu1.dsc
 1bc65d0fd5f53a3636564efd3fcf318c3edcdec39c4109a503c1fc8203840a1d 5547444 gst-plugins-bad1.0_1.22.9.orig.tar.xz
 9602ed774bf1701782586f0203e01e184eb4e35b32346fdd565736ecfa910b28 833 gst-plugins-bad1.0_1.22.9.orig.tar.xz.asc
 d5c5323ba174f073703bbd4bae92511059dc660023b222d3132efbfa5edd1cde 46348 gst-plugins-bad1.0_1.22.9-1ubuntu1.debian.tar.xz
 8a0eb22f221058ffdc98967acbc714ea7a8bedb870f8856db7c7388e64df86f9 28263 gst-plugins-bad1.0_1.22.9-1ubuntu1_source.buildinfo
Files:
 0f9ca278c8eab0c4e6f6cc6ec9a7be7c 5899 libs optional gst-plugins-bad1.0_1.22.9-1ubuntu1.dsc
 46da4d6a2184d4e6af63e7594a80be0a 5547444 libs optional gst-plugins-bad1.0_1.22.9.orig.tar.xz
 676192937be40f57f66ee0f84c7babf3 833 libs optional gst-plugins-bad1.0_1.22.9.orig.tar.xz.asc
 346f59ef84d6a5cce9f86148e16750b2 46348 libs optional gst-plugins-bad1.0_1.22.9-1ubuntu1.debian.tar.xz
 abd2dad9cfa9e7c7e94d510c9b734e53 28263 libs optional gst-plugins-bad1.0_1.22.9-1ubuntu1_source.buildinfo
Original-Maintainer: Maintainers of GStreamer packages <gst-plugins-bad1.0 at packages.debian.org>

More information about the noble-changes mailing list