-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 21 Dec 2024 15:58:38 +0000 Source: gst-plugins-base1.0 Architecture: source Version: 1.18.4-2+deb11u3 Distribution: bullseye-security Urgency: medium Maintainer: Maintainers of GStreamer packages <gst-plugins-base1.0@packages.debian.org> Changed-By: Bastien Roucariès <rouca@debian.org> Changes: gst-plugins-base1.0 (1.18.4-2+deb11u3) bullseye-security; urgency=medium . * Non-maintainer upload by the LTS Team. * Fix CVE-2024-47538: A stack-buffer overflow has been detected in the `vorbis_handle_identification_packet` function within `gstvorbisdec.c` * Fix CVE-2024-47541: An OOB-write vulnerability has been identified in the gst_ssa_parse_remove_override_codes function of the gstssaparse.c file. * Fix CVE-2024-47542: A null pointer dereference has been discovered in the id3v2_read_synch_uint function, located in id3v2.c * Fix CVE-2024-47600: An OOB-read vulnerability has been detected in the format_channel_mask function in gst-discoverer.c * Fix CVE-2024-47607: A stack-buffer overflow has been detected in the gst_opus_dec_parse_header function within `gstopusdec.c'. * Fix CVE-2024-47615: An OOB-Write has been detected in the function gst_parse_vorbis_setup_packet within vorbis_parse.c. * Fix CVE-2024-47835: A null pointer dereference vulnerability has been detected in the parse_lrc function within gstsubparse.c Checksums-Sha1: d64e4de3fc8553f62dd9c1671c1de6bc79cb82f3 3738 gst-plugins-base1.0_1.18.4-2+deb11u3.dsc 879dc96692609ac079cd9d05b359882fb9cf7108 3169512 gst-plugins-base1.0_1.18.4.orig.tar.xz 0294bc5b29744d398cf6c10c3e20fe60ee8bf7a5 54420 gst-plugins-base1.0_1.18.4-2+deb11u3.debian.tar.xz c3d7a9f4ca7e8adcf56d7f2254a1adb4e5094f8e 18540 gst-plugins-base1.0_1.18.4-2+deb11u3_amd64.buildinfo Checksums-Sha256: c6b3282637f75034a827dc56cf7d76dd4ab8517c9d8ea6e5167b9f72a56b6303 3738 gst-plugins-base1.0_1.18.4-2+deb11u3.dsc 29e53229a84d01d722f6f6db13087231cdf6113dd85c25746b9b58c3d68e8323 3169512 gst-plugins-base1.0_1.18.4.orig.tar.xz 993ab576136170543df779d02ad534ecf5534b52564589717885252d26ded99d 54420 gst-plugins-base1.0_1.18.4-2+deb11u3.debian.tar.xz b18fb916bdee10a260b8bed02526333d2e72f5556b3233f969e29142bb0da1a5 18540 gst-plugins-base1.0_1.18.4-2+deb11u3_amd64.buildinfo Files: 638ff4ba4811655a388ed99938c125ad 3738 libs optional gst-plugins-base1.0_1.18.4-2+deb11u3.dsc 523336ed6938b8b1004847cbbd5e31cb 3169512 libs optional gst-plugins-base1.0_1.18.4.orig.tar.xz 9834b14e7a31a1d0273ed3f767e86694 54420 libs optional gst-plugins-base1.0_1.18.4-2+deb11u3.debian.tar.xz a580895b900f18e22f3c54999e700438 18540 libs optional gst-plugins-base1.0_1.18.4-2+deb11u3_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQJFBAEBCgAvFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmdm6/0RHHJvdWNhQGRl Ymlhbi5vcmcACgkQADoaLapBCF/v1RAAi1jDgWplkulLQFYbtxRBtAib4l1Qtenj XJnf8AqwHPh9z4hFoJZV5K2p5N8CH8SHVrKeuycHtgFtw06AyLMFbtfCLGFahVeV SkSmT3euV6bSxWMBFvB1cAUAJM2DcJJSt8EE79JAhq+15Ce73CinYZ50kkqvC+12 OY4QOW/UYZ4oB5+vfKYEI87uUoqaYqoKnw9/JsUjOxtYnOzRlehmtubS0nOAc64f C61OHEuD/i411y/iD/PYP2jQyM0XIL7UWPh4SaJhV+cAr5DXnwho3mc/ZyzQzPPW cmyFZATuywoSj0hCKv0CWrwJACGIpwVlv8dO3uLXpLTea4i8bB8gmT8rZ3p2YZrB 0obuMMCVfPbK90T2CwROo5FR0LGw7AtBUR8n6m6pnBQJjFx2ZU9yhlUGfdtqSftw nJYKQU9UdShLV/ESnhpsJYsbAWWIVD6ljCe+UVWT+H5Vp/PwR/E+hR28K6H4Ebn+ LqZOB+zOF0KQgHHPc3FWcX1pULjC4qhqhSUUpipx2aF47aseUykDT/vad1MyqEf9 2XJ9TU1+e0z05pcTFACFr94rc620LYCGklYEmglqHpkWh75uHQ9IpI2Jigi9EFBW EsIqRoIiOLQfJD7+tshfoz7J6Hmu2/3kG2U8B15YgpcYtJIzwFsI0fa2mG3qIbaU GsqJZVFo8AM= =kmIl -----END PGP SIGNATURE-----
