-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 07 Oct 2023 21:51:02 +0200 Source: gst-plugins-bad1.0 Architecture: source Version: 1.22.0-4+deb12u2 Distribution: bookworm-security Urgency: high Maintainer: Maintainers of GStreamer packages <gst-plugins-bad1.0@packages.debian.org> Changed-By: Salvatore Bonaccorso <carnil@debian.org> Closes: 1053259 1053260 1053261 Changes: gst-plugins-bad1.0 (1.22.0-4+deb12u2) bookworm-security; urgency=high . * Non-maintainer upload by the Security Team. * h265parser: Fix possible overflow using max_sub_layers_minus1 (CVE-2023-40476) (Closes: #1053259) * mxfdemux: Fix integer overflow causing out of bounds writes when handling invalid uncompressed video (CVE-2023-40474) (Closes: #1053261) * mxfdemux: Check number of channels for AES3 audio (CVE-2023-40475) (Closes: #1053260) Checksums-Sha1: 60f9ebea92c636e1961e01f31563d2978fb8f69d 5983 gst-plugins-bad1.0_1.22.0-4+deb12u2.dsc 7cb6a4e765b490c7609af8ce9891928b6bd6b3d8 39848 gst-plugins-bad1.0_1.22.0-4+deb12u2.debian.tar.xz 9a0734e72ab84e047e4ec1d71b012fba5efedd7e 7448 gst-plugins-bad1.0_1.22.0-4+deb12u2_source.buildinfo Checksums-Sha256: f9409168cdf0037fd6873f20ef1857ac319df195624bfb9053961b965390b328 5983 gst-plugins-bad1.0_1.22.0-4+deb12u2.dsc b6d83d631ca7798e4aebcc573e2243a1b3adca127ee648ada4115e9169c2f55d 39848 gst-plugins-bad1.0_1.22.0-4+deb12u2.debian.tar.xz 195953b747f05044700179b20119a5f633058697e5435584bef2edace56f14ec 7448 gst-plugins-bad1.0_1.22.0-4+deb12u2_source.buildinfo Files: 60aa97eb81238ba9abc84e2603832043 5983 libs optional gst-plugins-bad1.0_1.22.0-4+deb12u2.dsc 6a439657dc14bb095096918db9e1637a 39848 libs optional gst-plugins-bad1.0_1.22.0-4+deb12u2.debian.tar.xz 7d464641bd94db3b2fbee6c851cb708e 7448 libs optional gst-plugins-bad1.0_1.22.0-4+deb12u2_source.buildinfo -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmUhvZtfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89EuGUP/0yqos6DPF+Lg1LVtEEfbnYdv+cwH9sG f8SETVwBVxWU9ny54wXIoEEEWHnUwnVM7n9ka2r1T/YHRvPLWIef1qgmAtDwQXS4 4xMRe7Wo0UCslVYKZuGorPcp4wZoWT7lv3/+LZfYHvfqzJgY7fx5nzmQ6HBjQWFf n2uULq4gr8n99f2ys1QUyYv5MXzMh2t1XbunzrdjIzHCLkIF4D/bJQP1w2IFW2cz bVqPmkq8ruCSi1jGPVlNbP2blNANIt1qiiz6u+52lbUbKxhJrgbjupZvFQUqyLqI OZXBauRij2Kh6CBkwdbruPp31cRelt1xiixlzwZM9GUdzyNt0xTjoEdUQeju2kii hcMNbqgoJRb+BGe4EBg/ix/ArgXyEFxO3ht1LJk9e6oFhzLgDkh8uHjnJZL/U64f k4rxS2pkmgXYc93TkKx9uLqVvnrC1zj2onA9v3+qSObspEdetpnRgbgwqNL94QkO 4qnmkmior7uzPe5/KH1/NoRjV86UQhyyd+D8Eyy9FiPpeD9pjaGciydBFsW15Q/m DVi++i/B43aXLoE9QsF9JZX6uxxcOQaiT0BlCWp3bTW7+EGl7L1hIRrqfwTKXPT3 I11BAKBs42mW/RFE52/0AxJE7YVjOMSqGj7PDZcbXIgF/C3lGMF/DX4vQEoFhW7H Cc/ktg8PpA/o =1vrY -----END PGP SIGNATURE-----