-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 15 Dec 2024 20:08:20 +0000 Source: gstreamer1.0 Architecture: source Version: 1.18.4-2.1+deb11u1 Distribution: bullseye-security Urgency: medium Maintainer: Maintainers of GStreamer packages <gstreamer1.0@packages.debian.org> Changed-By: Bastien Roucariès <rouca@debian.org> Changes: gstreamer1.0 (1.18.4-2.1+deb11u1) bullseye-security; urgency=medium . * Non-maintainer upload by LTS team * Fix CVE-2024-47606: An integer underflow has been detected in the function qtdemux_parse_theora_extension within qtdemux.c. The vulnerability occurs due to an underflow of the gint size variable, which causes size to hold a large unintended value when cast to an unsigned integer. This 32-bit negative value is then cast to a 64-bit unsigned integer (0xfffffffffffffffa) in a subsequent call to gst_buffer_new_and_alloc. Checksums-Sha1: 6e537e1e563f52227ef46f3c0f8367eeafc64f2a 2918 gstreamer1.0_1.18.4-2.1+deb11u1.dsc 7c28ba58cc535c072a5d13d949dc324998df257a 2703948 gstreamer1.0_1.18.4.orig.tar.xz 947485a244856f35e562289c1ed142632e9f45af 45104 gstreamer1.0_1.18.4-2.1+deb11u1.debian.tar.xz e9d596ed8bd2654062fafb0ec1f00d414c1ce8f9 10352 gstreamer1.0_1.18.4-2.1+deb11u1_amd64.buildinfo Checksums-Sha256: a3f96ff75866d1fb4020cca3840b8237c3b9c465a4e342be2b138b463228dffa 2918 gstreamer1.0_1.18.4-2.1+deb11u1.dsc 9aeec99b38e310817012aa2d1d76573b787af47f8a725a65b833880a094dfbc5 2703948 gstreamer1.0_1.18.4.orig.tar.xz 96278e726ad970a2af087789216a3f1163e722bb31e15461a9a30b7d8ecd3c32 45104 gstreamer1.0_1.18.4-2.1+deb11u1.debian.tar.xz 23c70013d08016a82404747fd1bd1a4b92039c6beefa4b2fcae525b7ed179f49 10352 gstreamer1.0_1.18.4-2.1+deb11u1_amd64.buildinfo Files: 30400b3188304db34dbe06eda82ee253 2918 libs optional gstreamer1.0_1.18.4-2.1+deb11u1.dsc fe381e1e910e622fee44692e865f7229 2703948 libs optional gstreamer1.0_1.18.4.orig.tar.xz eeb49fdbb0ab7199f9df65a16f1ab70f 45104 libs optional gstreamer1.0_1.18.4-2.1+deb11u1.debian.tar.xz cbc76c08d4a3d32e9dd2a85e1a5de9a0 10352 libs optional gstreamer1.0_1.18.4-2.1+deb11u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQJFBAEBCgAvFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmdfOjARHHJvdWNhQGRl Ymlhbi5vcmcACgkQADoaLapBCF+mTw//RhMuq4B8be1snGAwD5n8YlTAlRfykzGb gHE2e2mRPQ8Lbtzqm9vf2RMXRarx+RcIQw1iJt8aJLyt+5pQPaWQZmdrioCYqZGC 04ck6whGW7BGUCi3/iad4r+nZ9brJ5pv/+6xQE23o4M/YTJTWCSvnzD0loFPZHk4 aJwu/ACGSMxHwWOCxAqhdkbOZtHAEBuvU3NpcKLuvxELWUzJrfhHx+Cq+qlPyvqU m2mgKtm2NvMF3e7l7mLNQzUEKDRIKyhnEdq29oBUia18r5L/YAB3lZPMa35iu5Fz GkMleklNXVQ0gBhGJfEfXGsgEi/Z4p78IdFwNP0/QGUvdjZY8W3eU5IftzJAjLX4 tJ8Nj7uY9MgNzh6IM+xRftXUtIBWnMvujlZWWVHrk2dRbtAOpb5NdLNJYnMsIlNT 3ajsInE2BtFjHary3YXnELFm4lhrxczhwqH+L4P/JzvpDE2gWW8MGjnJj8l9Tc1p XW26IWoOaIgyDQd2uLQ7JGzjPEOsj3KkK6UWjA9pxhxIfDldYAqCBj1XaRfM5VKs 2OgWN6AjaX5jhF7beDFTLX+hG3cQlMuOSATZgH8HENSf7X5xCQJRG3Dj9YoEGND7 m2JWfc0eT2b9MFH6Q6fD/lPhZxPAaO9wTTBZBOpahkRaf0mr5s8XD7VBvDEtVWnw dOzUjxEI/XU= =mcL+ -----END PGP SIGNATURE-----
