Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-lts-changes@lists.debian.org> , <dispatch@tracker.debian.org>
Subject: Accepted gst-plugins-base1.0 1.18.4-2+deb11u4 (source) into oldoldstable-security
Date: Fri, 14 Nov 2025 16:30:19 +0000
Signed by: Jeremy Bícha <jbicha@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 13 Nov 2025 11:58:14 -0500
Source: gst-plugins-base1.0
Built-For-Profiles: noudeb
Architecture: source
Version: 1.18.4-2+deb11u4
Distribution: bullseye-security
Urgency: high
Maintainer: Maintainers of GStreamer packages <gst-plugins-base1.0@packages.debian.org>
Changed-By: Jeremy Bícha <jbicha@debian.org>
Changes:
 gst-plugins-base1.0 (1.18.4-2+deb11u4) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the LTS Security Team
   * Fix DoS via stack overflow in subparse plugin
     - debian/patches/CVE-2025-47806.patch: make sure that subrip time
       string is not too long before zero-padding in
       gst/subparse/gstsubparse.c.
     - CVE-2025-47806
   * Fix DoS via null-deref in subparse plugin
     - debian/patches/CVE-2025-47807.patch: check for valid UTF-8 before
       cleaning up lines and check for regex replace errors in
       gst/subparse/gstsubparse.c.
     - CVE-2025-47807
   * Fix DoS via null-deref in subparse plugin
     - debian/patches/CVE-2025-47808.patch: don't append NULL + 1 to the
       string buffer when parsing lines without text in
       gst/subparse/tmplayerparse.c.
   * Stop ignoring build test failures on amd64, arm64, ppc64el
Checksums-Sha1:
 e56cd882ad4734ce5cc2b0d0d060f043773849d0 3713 gst-plugins-base1.0_1.18.4-2+deb11u4.dsc
 879dc96692609ac079cd9d05b359882fb9cf7108 3169512 gst-plugins-base1.0_1.18.4.orig.tar.xz
 4c365d1aaa4abf183117586327e29f427aca170e 55684 gst-plugins-base1.0_1.18.4-2+deb11u4.debian.tar.xz
 cab16f4bd061c87aa10c523592cc5f51b6bce6f0 13727 gst-plugins-base1.0_1.18.4-2+deb11u4_source.buildinfo
Checksums-Sha256:
 bbb0676080c9534f8f97ba414a2d4f372eb0f7b143ad33878e0963124bd1348a 3713 gst-plugins-base1.0_1.18.4-2+deb11u4.dsc
 29e53229a84d01d722f6f6db13087231cdf6113dd85c25746b9b58c3d68e8323 3169512 gst-plugins-base1.0_1.18.4.orig.tar.xz
 9bf58bf10941081ef20ca749c160a677025ae9d1dc5c2e3b4477e15a5bfe0801 55684 gst-plugins-base1.0_1.18.4-2+deb11u4.debian.tar.xz
 9e8f1219eba563b00ad9f019acddfd7332eaf91d4aa1e50bb1e6601244e730e5 13727 gst-plugins-base1.0_1.18.4-2+deb11u4_source.buildinfo
Files:
 6543a2d445bdbedf45d61e565f42c59d 3713 libs optional gst-plugins-base1.0_1.18.4-2+deb11u4.dsc
 523336ed6938b8b1004847cbbd5e31cb 3169512 libs optional gst-plugins-base1.0_1.18.4.orig.tar.xz
 e62a0e8cce5b2a95098082144518c6e3 55684 libs optional gst-plugins-base1.0_1.18.4-2+deb11u4.debian.tar.xz
 100584ef64e35a844bb2a3ad7cf711ff 13727 libs optional gst-plugins-base1.0_1.18.4-2+deb11u4_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEETQvhLw5HdtiqzpaW5mx3Wuv+bH0FAmkXVGQACgkQ5mx3Wuv+
bH2fshAAqkOvBWc3OSF7l3CgexNbAIDTbZ2fLJ2YNVkIr+JT2u/3bWPuDlRy7tDT
iCOkXT/OgC13hzCt8aduY2ESvqMUVk6DFuqzLnAbuNSZnUCBOMm9A3ahzGIcwvt7
OICBZyt1hJbv/KcReusPASVVnqkVOOLgbJUd/2aG0ba0jvHqG6NRvv85uvUQPNtW
H33U2JyUANjXS/ofwjxgXOgmsvmtYDa6PQink3zJ/1oczUb7hegTprOL1osPepxD
ZLSKgWoOpKgGvcjlQLxPeqwk9YZ1EmpOOKVc8g0sudNFEi+XPDAHS4FFBOcKrGJ/
rXsPuk7ZMJGWVpfjhtk7JD6hYgmQvEfFjgTDEqkgawdJvdRT6TlW7+r7d+RJ50sX
kxhJNZoI2+LrsqiYlXF+lsJFqZqz011n72A+zhWBB9NZhE+CMV6Ql3A5VXNdmwZM
GIyNdRm4rSEJhLfvVoMQCPTyJH+cCIsZugxIz6so8Jv5JkNM6SaOeRMlRGD9LtLv
dk5bXBWZnh9VJULjFMiVlNolvNu0jc3yawo07jO1OfkjQ4UjY1Yc6LEZr9f3Fdu8
81UKKs1M6jTO57T2U35h9vEMZcbQsXsoyFehAJAUY4O71xkP5/CVNjv3986KSznY
r58qxXTRLXyLrz0rlNLKQQL4u7vxKiGi2apwGG7NaRJcbapLwQ0=
=9oW4
-----END PGP SIGNATURE-----
News for package gst-plugins-base1.0
