-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 21 Dec 2024 14:32:49 +0100
Source: gst-plugins-good1.0
Binary: gstreamer1.0-gtk3 gstreamer1.0-gtk3-dbgsym gstreamer1.0-plugins-good gstreamer1.0-plugins-good-dbgsym gstreamer1.0-pulseaudio gstreamer1.0-qt5 gstreamer1.0-qt5-dbgsym gstreamer1.0-qt6 gstreamer1.0-qt6-dbgsym
Architecture: mips64el
Version: 1.22.0-5+deb12u2
Distribution: bookworm-security
Urgency: high
Maintainer: mipsel Build Daemon (mipsel-osuosl-03) <buildd_mips64el-mipsel-osuosl-03@buildd.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Description:
 gstreamer1.0-gtk3 - GStreamer plugin for GTK+3
 gstreamer1.0-plugins-good - GStreamer plugins from the "good" set
 gstreamer1.0-pulseaudio - GStreamer plugin for PulseAudio (transitional package)
 gstreamer1.0-qt5 - GStreamer plugin for Qt5
 gstreamer1.0-qt6 - GStreamer plugin for Qt6
Changes:
 gst-plugins-good1.0 (1.22.0-5+deb12u2) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * qtdemux: Avoid integer overflow when parsing Theora extension
     (CVE-2024-47606, GHSL-2024-166)
   * jpegdec: Directly error out on negotiation failures (CVE-2024-47599,
     GHSL-2024-247)
   * gdkpixbufdec: Check if initializing the video info actually succeeded
     (CVE-2024-47613, GHSL-2024-118)
   * wavparse: Check for short reads when parsing headers in pull mode
     (CVE-2024-47778, GHSL-2024-258, CVE-2024-47776, GHSL-2024-260)
   * wavparse: Make sure enough data for the tag list tag is available before
     parsing (CVE-2024-47778, GHSL-2024-258)
   * wavparse: Fix parsing of acid chunk
   * wavparse: Check that at least 4 bytes are available before parsing cue
     chunks
   * wavparse: Check that at least 32 bytes are available before parsing smpl
     chunks (CVE-2024-47777, GHSL-2024-259)
   * wavparse: Fix clipping of size to the file size (CVE-2024-47776,
     GHSL-2024-260)
   * wavparse: Check size before reading ds64 chunk (CVE-2024-47775,
     GHSL-2024-261)
   * avisubtitle: Fix size checks and avoid overflows when checking sizes
     (CVE-2024-47774, GHSL-2024-262)
   * matroskademux: Only unmap GstMapInfo in WavPack header extraction error
     paths if previously mapped (CVE-2024-47540, GHSL-2024-197)
   * matroskademux: Fix off-by-one when parsing multi-channel WavPack
   * matroskademux: Check for big enough WavPack codec private data before
     accessing it (CVE-2024-47602, GHSL-2024-250)
   * matroskademux: Don't take data out of an empty adapter when processing
     WavPack frames (CVE-2024-47601, GHSL-2024-249)
   * matroskademux: Skip over laces directly when postprocessing the frame
     fails (CVE-2024-47601, GHSL-2024-249)
   * matroskademux: Skip over zero-sized Xiph stream headers (CVE-2024-47603,
     GHSL-2024-251)
   * matroskademux: Put a copy of the codec data into the A_MS/ACM caps
     (CVE-2024-47834, GHSL-2024-280)
   * qtdemux: Fix integer overflow when allocating the samples table for
     fragmented MP4 (CVE-2024-47537, GHSL-2024-094, GHSL-2024-237,
     GHSL-2024-241)
   * qtdemux: Fix debug output during trun parsing
   * qtdemux: Don't iterate over all trun entries if none of the flags are set
   * qtdemux: Check sizes of stsc/stco/stts before trying to merge entries
     (CVE-2024-47598, GHSL-2024-246)
   * qtdemux: Make sure only an even number of bytes is processed when handling
     CEA608 data (CVE-2024-47539, GHSL-2024-195)
   * qtdemux: Make sure enough data is available before reading wave header
     node (CVE-2024-47543, GHSL-2024-236)
   * qtdemux: Fix length checks and offsets in stsd entry parsing
     (CVE-2024-47545, GHSL-2024-242)
   * qtdemux: Fix error handling when parsing cenc sample groups fails
     (CVE-2024-47544, GHSL-2024-238, GHSL-2024-239, GHSL-2024-240)
   * qtdemux: Make sure there are enough offsets to read when parsing samples
     (CVE-2024-47597, GHSL-2024-245)
   * qtdemux: Actually handle errors returns from various functions instead of
     ignoring them (CVE-2024-47597, GHSL-2024-245)
   * qtdemux: Check for invalid atom length when extracting Closed Caption data
     (CVE-2024-47546, GHSL-2024-243)
   * qtdemux: Add size check for parsing SMI / SEQH atom (CVE-2024-47596,
     GHSL-2024-244)
Checksums-Sha1:
 8fc1fcbacef00f997bb7a72bda5431701540cc75 24810 gst-plugins-good1.0_1.22.0-5+deb12u2_mips64el-buildd.buildinfo
 9be849b249ff8664d641613a64f3ed956c6b1419 91032 gstreamer1.0-gtk3-dbgsym_1.22.0-5+deb12u2_mips64el.deb
 f1c226c46eb2251e9f0e66cf36e61c5db1566f7d 89768 gstreamer1.0-gtk3_1.22.0-5+deb12u2_mips64el.deb
 e186c4a31126ef2f61c91c8706cf08b7c2bbcef3 6311440 gstreamer1.0-plugins-good-dbgsym_1.22.0-5+deb12u2_mips64el.deb
 46f851b2820f78f28f3ac1eee36036f92d584d84 1851592 gstreamer1.0-plugins-good_1.22.0-5+deb12u2_mips64el.deb
 68bf2fb1efb95e97765a1e525eaf50d87a73b33e 72832 gstreamer1.0-pulseaudio_1.22.0-5+deb12u2_mips64el.deb
 2c226283acc737febbf904f4f07057059ad36f7c 1457808 gstreamer1.0-qt5-dbgsym_1.22.0-5+deb12u2_mips64el.deb
 7882faec60629efbf2192df1532cfc08dd01a73a 120980 gstreamer1.0-qt5_1.22.0-5+deb12u2_mips64el.deb
 7998174f8ab659b64c89a1a46e6f113bb7496ee5 805980 gstreamer1.0-qt6-dbgsym_1.22.0-5+deb12u2_mips64el.deb
 21314de17354d763525ea2aedbc131a60484d3a0 99584 gstreamer1.0-qt6_1.22.0-5+deb12u2_mips64el.deb
Checksums-Sha256:
 13a74df702c623e1d98129a44a5309d328c2f2ee0685397d7d15a6aa4b3228e6 24810 gst-plugins-good1.0_1.22.0-5+deb12u2_mips64el-buildd.buildinfo
 2f869f3c332dc6891e32fa2161c9802da2ec2190677c5e62e69eea5fea865d42 91032 gstreamer1.0-gtk3-dbgsym_1.22.0-5+deb12u2_mips64el.deb
 5a704ae680e001af2f34de3d74e58812685606b14a7ba77497c67e7aff1217f6 89768 gstreamer1.0-gtk3_1.22.0-5+deb12u2_mips64el.deb
 e82e6bac6f5912c69b08b7537377ad3947b8a081d30cb0ae1a4b06b7e8207aaa 6311440 gstreamer1.0-plugins-good-dbgsym_1.22.0-5+deb12u2_mips64el.deb
 ff6cf266d8cd7cf22fffa0ff76afd2b7bce890ef3ee670e72a61269c013a8dbd 1851592 gstreamer1.0-plugins-good_1.22.0-5+deb12u2_mips64el.deb
 0f634228639f357f190168bcf2ff87d355f806344fa23f4bf4bc6d49f5ec9395 72832 gstreamer1.0-pulseaudio_1.22.0-5+deb12u2_mips64el.deb
 fe9644ec35a08ba6c0923e5d172936d6a38c3c6afe4ec3bbcf71dd8a8c943f18 1457808 gstreamer1.0-qt5-dbgsym_1.22.0-5+deb12u2_mips64el.deb
 19eae7b1dce8b25abf1e2c6ae3fd52c2d1709a11109770c8d4e27c270c432a83 120980 gstreamer1.0-qt5_1.22.0-5+deb12u2_mips64el.deb
 3e3d78b5f2cb6258b121ab4f4c27feecfba3d57d5aa66d0b17d84ac7833cb053 805980 gstreamer1.0-qt6-dbgsym_1.22.0-5+deb12u2_mips64el.deb
 505b53c1f2ed9000da2f19a9d317d567a6db8f65c2177efbcd69bf5a9d168170 99584 gstreamer1.0-qt6_1.22.0-5+deb12u2_mips64el.deb
Files:
 71b50e52883244db396a44d826a0a94c 24810 libs optional gst-plugins-good1.0_1.22.0-5+deb12u2_mips64el-buildd.buildinfo
 05657e0153f118497396e214d7b7c2a7 91032 debug optional gstreamer1.0-gtk3-dbgsym_1.22.0-5+deb12u2_mips64el.deb
 bbaedb21be5404c092b83a4307a89e7c 89768 graphics optional gstreamer1.0-gtk3_1.22.0-5+deb12u2_mips64el.deb
 f935a16523ed5a050ad43d46ce27d1c2 6311440 debug optional gstreamer1.0-plugins-good-dbgsym_1.22.0-5+deb12u2_mips64el.deb
 c284f93e8236b217fb14a5a0c8bc6873 1851592 libs optional gstreamer1.0-plugins-good_1.22.0-5+deb12u2_mips64el.deb
 bf8909322ec5a1263ca4b65b0111da6e 72832 oldlibs optional gstreamer1.0-pulseaudio_1.22.0-5+deb12u2_mips64el.deb
 f016baf5136aaff369d8ee1e453bf3a7 1457808 debug optional gstreamer1.0-qt5-dbgsym_1.22.0-5+deb12u2_mips64el.deb
 0f2d730bf96d5cf8188c4a32cbb32c20 120980 graphics optional gstreamer1.0-qt5_1.22.0-5+deb12u2_mips64el.deb
 cc4be54b62219b6c86b560167c52ff9e 805980 debug optional gstreamer1.0-qt6-dbgsym_1.22.0-5+deb12u2_mips64el.deb
 66c54cd8fcfdb1a37067ddcad097a68e 99584 graphics optional gstreamer1.0-qt6_1.22.0-5+deb12u2_mips64el.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEunmvxaaGKuI+hxxClmZGXOM83t8FAmdnKGQACgkQlmZGXOM8
3t8zRA/+LXiu39hCUKjn9gNpFEy4mV/jy6pjwhd4dLyUeATEZmxXMyUpWj2xFwr0
tbthH1Ji/m04iAcVtrqZ7Y/cJEevRRezJo9w2L0kkzfWEUgjCEthQc0ZAcJj+YqS
JA+EkCCV4hMaCLT57+gu73mMyfQInRbZ+ZIC4cNbzMDMQQITSndRgJBE9rkg4T+T
IwJphGsKaYSyY0NwkbBLQXwZZ2VAiez1Yc+3/PpwC1r4dWdNKrYwbcnK/UBDFjXq
dheuY+pvmDXPoc0+U+mNCznjEVaqr2eo64ZmicwuQpPUbYJ63CzqKwf4B8fA5rxi
HFiGxo7R+1SKqjADuNLXrxQwYVhL+Sum2OkY8xTwBCpCUP5fWgcw+oKmqg8VwlKN
AYvtXW7cn8UsIeFi92+UuSnDcgdk17xm6vEDou7UElHTxyyPGHsBNRJt5het8VR6
JDxbfdWoCNN9pxu9Dew6JY0Kj915rUBfKJHA4rxzikZOotOPr8dMfX5PC2Qpw/Ss
oGMIvHMsWaCgnjI2EN0HiaVVqYzELAqDxomTLD1PNbonJQp2uet/0Borxbur3/0X
MMTBAJe427JHC8c1xbv+p/H0EqKV1vSefjB5kxs8IKOAUT1cr1HoIG/UH4D808gA
J2lYwib/CX4KW792vADPPT36clId03Id1m0MBttj4ic5MotkePI=
=p9jj
-----END PGP SIGNATURE-----