-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 21 Dec 2024 14:32:49 +0100
Source: gst-plugins-good1.0
Binary: gstreamer1.0-gtk3 gstreamer1.0-gtk3-dbgsym gstreamer1.0-plugins-good gstreamer1.0-plugins-good-dbgsym gstreamer1.0-pulseaudio gstreamer1.0-qt5 gstreamer1.0-qt5-dbgsym gstreamer1.0-qt6 gstreamer1.0-qt6-dbgsym
Architecture: s390x
Version: 1.22.0-5+deb12u2
Distribution: bookworm-security
Urgency: high
Maintainer: s390x Build Daemon (zani)
Changed-By: Salvatore Bonaccorso
Description:
 gstreamer1.0-gtk3 - GStreamer plugin for GTK+3
 gstreamer1.0-plugins-good - GStreamer plugins from the "good" set
 gstreamer1.0-pulseaudio - GStreamer plugin for PulseAudio (transitional package)
 gstreamer1.0-qt5 - GStreamer plugin for Qt5
 gstreamer1.0-qt6 - GStreamer plugin for Qt6
Changes:
 gst-plugins-good1.0 (1.22.0-5+deb12u2) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * qtdemux: Avoid integer overflow when parsing Theora extension (CVE-2024-47606, GHSL-2024-166)
   * jpegdec: Directly error out on negotiation failures (CVE-2024-47599, GHSL-2024-247)
   * gdkpixbufdec: Check if initializing the video info actually succeeded (CVE-2024-47613, GHSL-2024-118)
   * wavparse: Check for short reads when parsing headers in pull mode (CVE-2024-47778, GHSL-2024-258, CVE-2024-47776, GHSL-2024-260)
   * wavparse: Make sure enough data for the tag list tag is available before parsing (CVE-2024-47778, GHSL-2024-258)
   * wavparse: Fix parsing of acid chunk
   * wavparse: Check that at least 4 bytes are available before parsing cue chunks
   * wavparse: Check that at least 32 bytes are available before parsing smpl chunks (CVE-2024-47777, GHSL-2024-259)
   * wavparse: Fix clipping of size to the file size (CVE-2024-47776, GHSL-2024-260)
   * wavparse: Check size before reading ds64 chunk (CVE-2024-47775, GHSL-2024-261)
   * avisubtitle: Fix size checks and avoid overflows when checking sizes (CVE-2024-47774, GHSL-2024-262)
   * matroskademux: Only unmap GstMapInfo in WavPack header extraction error paths if previously mapped (CVE-2024-47540, GHSL-2024-197)
   * matroskademux: Fix off-by-one when parsing multi-channel WavPack
   * matroskademux: Check for big enough WavPack codec private data before accessing it (CVE-2024-47602, GHSL-2024-250)
   * matroskademux: Don't take data out of an empty adapter when processing WavPack frames (CVE-2024-47601, GHSL-2024-249)
   * matroskademux: Skip over laces directly when postprocessing the frame fails (CVE-2024-47601, GHSL-2024-249)
   * matroskademux: Skip over zero-sized Xiph stream headers (CVE-2024-47603, GHSL-2024-251)
   * matroskademux: Put a copy of the codec data into the A_MS/ACM caps (CVE-2024-47834, GHSL-2024-280)
   * qtdemux: Fix integer overflow when allocating the samples table for fragmented MP4 (CVE-2024-47537, GHSL-2024-094, GHSL-2024-237, GHSL-2024-241)
   * qtdemux: Fix debug output during trun parsing
   * qtdemux: Don't iterate over all trun entries if none of the flags are set
   * qtdemux: Check sizes of stsc/stco/stts before trying to merge entries (CVE-2024-47598, GHSL-2024-246)
   * qtdemux: Make sure only an even number of bytes is processed when handling CEA608 data (CVE-2024-47539, GHSL-2024-195)
   * qtdemux: Make sure enough data is available before reading wave header node (CVE-2024-47543, GHSL-2024-236)
   * qtdemux: Fix length checks and offsets in stsd entry parsing (CVE-2024-47545, GHSL-2024-242)
   * qtdemux: Fix error handling when parsing cenc sample groups fails (CVE-2024-47544, GHSL-2024-238, GHSL-2024-239, GHSL-2024-240)
   * qtdemux: Make sure there are enough offsets to read when parsing samples (CVE-2024-47597, GHSL-2024-245)
   * qtdemux: Actually handle errors returns from various functions instead of ignoring them (CVE-2024-47597, GHSL-2024-245)
   * qtdemux: Check for invalid atom length when extracting Closed Caption data (CVE-2024-47546, GHSL-2024-243)
   * qtdemux: Add size check for parsing SMI / SEQH atom (CVE-2024-47596, GHSL-2024-244)
Checksums-Sha1: