• [SECURITY] [DSA 5608-1] gst-plugins-bad1.0 security update

    From Salvatore Bonaccorso@21:1/5 to All on Sat Jan 27 21:00:02 2024
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-5608-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso January 27, 2024 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : gst-plugins-bad1.0
    CVE ID : CVE-2024-0444

    A heap-based buffer overflow during tile list parsing was discovered in
    the AV1 video codec parser for the GStreamer media framework, which may
    result in denial of service or potentially the execution of arbitrary
    code if a malformed media file is opened.

    For the oldstable distribution (bullseye), this problem has been fixed
    in version 1.18.4-3+deb11u4.

    For the stable distribution (bookworm), this problem has been fixed in
    version 1.22.0-4+deb12u5.

    We recommend that you upgrade your gst-plugins-bad1.0 packages.

    For the detailed security status of gst-plugins-bad1.0 please refer to
    its security tracker page at: https://security-tracker.debian.org/tracker/gst-plugins-bad1.0

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmW1XvtfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0T6lQ//U5/FcuUV+SLF3IYzbSGP3nxOl3njQNMQz12woGd8SJdFpsEgeyOFUqwE 1u6xUjNbryI3N/U3zGxEH3P5gZdcxXbQX3dWqHr6IrBC1ciBwKZrtmcmy9ME2OZd 1r2QYGNxGYr2d/E9IV6lvT6L2MPeKTbEmAUjCGgY/nsPi9P2ECwufD7KEHh+6IXn 5WRPEFIWioOXWhiBn02x612VHJUvux5geBz6oLkl9sc2V9coHx19kywaC9W2JMtt SlyBaw3s7l2lv25rwTYCie1YmAgjsvnyZu3ijGMwHp/Sa7RYUkTC09S/fzuZlFOA Dz5HRslsjvlk0SomPg5A0J6eDYVQUqE3fq3A2zRtkDbeGbScAmc4eyR1d4LE0FqT POUxZoCR84fP542vOqLimvfdnkkaPSJwcQJRrwKx4r/hYFwOi4W1gwy90at7MQlj zwrfExMcXu9B3WmzmwAcTsX9nrgyiXNKH3Lib0gT+93TbqdhUNHuj9zC885JfOwx Th+jRaas4dyx4Tjaz83pJaUzEEIgAHByfr5N1UltvIUmO7AX9C9iLLyVVmgb2Qz0 ujdc1N8XSqcvB52psJe5o6oEx6UbAVTH48PGrCuYY2kfzKKHYUan6n8MILRw8Is4 FaUz4BAUd6Fjgo+jG/oS32grK7aujTbqRCiDaTDLcT/vywZldQA=
    =giTa
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)