-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 21 Dec 2024 14:32:49 +0100
Source: gst-plugins-good1.0
Binary: gstreamer1.0-gtk3 gstreamer1.0-gtk3-dbgsym gstreamer1.0-plugins-good gstreamer1.0-plugins-good-dbgsym gstreamer1.0-pulseaudio gstreamer1.0-qt5 gstreamer1.0-qt5-dbgsym gstreamer1.0-qt6 gstreamer1.0-qt6-dbgsym
Architecture: arm64
Version: 1.22.0-5+deb12u2
Distribution: bookworm-security
Urgency: high
Maintainer: arm Build Daemon (arm-conova-04)
Changed-By: Salvatore Bonaccorso
Description:
 gstreamer1.0-gtk3 - GStreamer plugin for GTK+3
 gstreamer1.0-plugins-good - GStreamer plugins from the "good" set
 gstreamer1.0-pulseaudio - GStreamer plugin for PulseAudio (transitional package)
 gstreamer1.0-qt5 - GStreamer plugin for Qt5
 gstreamer1.0-qt6 - GStreamer plugin for Qt6
Changes:
 gst-plugins-good1.0 (1.22.0-5+deb12u2) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * qtdemux: Avoid integer overflow when parsing Theora extension (CVE-2024-47606, GHSL-2024-166)
   * jpegdec: Directly error out on negotiation failures (CVE-2024-47599, GHSL-2024-247)
   * gdkpixbufdec: Check if initializing the video info actually succeeded (CVE-2024-47613, GHSL-2024-118)
   * wavparse: Check for short reads when parsing headers in pull mode (CVE-2024-47778, GHSL-2024-258, CVE-2024-47776, GHSL-2024-260)
   * wavparse: Make sure enough data for the tag list tag is available before parsing (CVE-2024-47778, GHSL-2024-258)
   * wavparse: Fix parsing of acid chunk
   * wavparse: Check that at least 4 bytes are available before parsing cue chunks
   * wavparse: Check that at least 32 bytes are available before parsing smpl chunks (CVE-2024-47777, GHSL-2024-259)
   * wavparse: Fix clipping of size to the file size (CVE-2024-47776, GHSL-2024-260)
   * wavparse: Check size before reading ds64 chunk (CVE-2024-47775, GHSL-2024-261)
   * avisubtitle: Fix size checks and avoid overflows when checking sizes (CVE-2024-47774, GHSL-2024-262)
   * matroskademux: Only unmap GstMapInfo in WavPack header extraction error paths if previously mapped (CVE-2024-47540, GHSL-2024-197)
   * matroskademux: Fix off-by-one when parsing multi-channel WavPack
   * matroskademux: Check for big enough WavPack codec private data before accessing it (CVE-2024-47602, GHSL-2024-250)
   * matroskademux: Don't take data out of an empty adapter when processing WavPack frames (CVE-2024-47601, GHSL-2024-249)
   * matroskademux: Skip over laces directly when postprocessing the frame fails (CVE-2024-47601, GHSL-2024-249)
   * matroskademux: Skip over zero-sized Xiph stream headers (CVE-2024-47603, GHSL-2024-251)
   * matroskademux: Put a copy of the codec data into the A_MS/ACM caps (CVE-2024-47834, GHSL-2024-280)
   * qtdemux: Fix integer overflow when allocating the samples table for fragmented MP4 (CVE-2024-47537, GHSL-2024-094, GHSL-2024-237, GHSL-2024-241)
   * qtdemux: Fix debug output during trun parsing
   * qtdemux: Don't iterate over all trun entries if none of the flags are set
   * qtdemux: Check sizes of stsc/stco/stts before trying to merge entries (CVE-2024-47598, GHSL-2024-246)
   * qtdemux: Make sure only an even number of bytes is processed when handling CEA608 data (CVE-2024-47539, GHSL-2024-195)
   * qtdemux: Make sure enough data is available before reading wave header node (CVE-2024-47543, GHSL-2024-236)
   * qtdemux: Fix length checks and offsets in stsd entry parsing (CVE-2024-47545, GHSL-2024-242)
   * qtdemux: Fix error handling when parsing cenc sample groups fails (CVE-2024-47544, GHSL-2024-238, GHSL-2024-239, GHSL-2024-240)
   * qtdemux: Make sure there are enough offsets to read when parsing samples (CVE-2024-47597, GHSL-2024-245)
   * qtdemux: Actually handle errors returns from various functions instead of ignoring them (CVE-2024-47597, GHSL-2024-245)
   * qtdemux: Check for invalid atom length when extracting Closed Caption data (CVE-2024-47546, GHSL-2024-243)
   * qtdemux: Add size check for parsing SMI / SEQH atom (CVE-2024-47596, GHSL-2024-244)
Checksums-Sha1: