-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 21 Dec 2024 14:32:49 +0100 Source: gst-plugins-good1.0 Binary: gstreamer1.0-gtk3 gstreamer1.0-gtk3-dbgsym gstreamer1.0-plugins-good gstreamer1.0-plugins-good-dbgsym gstreamer1.0-pulseaudio gstreamer1.0-qt5 gstreamer1.0-qt5-dbgsym gstreamer1.0-qt6 gstreamer1.0-qt6-dbgsym Architecture: ppc64el Version: 1.22.0-5+deb12u2 Distribution: bookworm-security Urgency: high Maintainer: ppc64el Build Daemon (ppc64el-osuosl-01) Changed-By: Salvatore Bonaccorso Description: gstreamer1.0-gtk3 - GStreamer plugin for GTK+3 gstreamer1.0-plugins-good - GStreamer plugins from the "good" set gstreamer1.0-pulseaudio - GStreamer plugin for PulseAudio (transitional package) gstreamer1.0-qt5 - GStreamer plugin for Qt5 gstreamer1.0-qt6 - GStreamer plugin for Qt6 Changes: gst-plugins-good1.0 (1.22.0-5+deb12u2) bookworm-security; urgency=high . * Non-maintainer upload by the Security Team. * qtdemux: Avoid integer overflow when parsing Theora extension (CVE-2024-47606, GHSL-2024-166) * jpegdec: Directly error out on negotiation failures (CVE-2024-47599, GHSL-2024-247) * gdkpixbufdec: Check if initializing the video info actually succeeded (CVE-2024-47613, GHSL-2024-118) * wavparse: Check for short reads when parsing headers in pull mode (CVE-2024-47778, GHSL-2024-258, CVE-2024-47776, GHSL-2024-260) * wavparse: Make sure enough data for the tag list tag is available before parsing (CVE-2024-47778, GHSL-2024-258) * wavparse: Fix parsing of acid chunk * wavparse: Check that at least 4 bytes are available before parsing cue chunks * wavparse: Check that at least 32 bytes are available before parsing smpl chunks (CVE-2024-47777, GHSL-2024-259) * wavparse: Fix clipping of size to the file size (CVE-2024-47776, GHSL-2024-260) * wavparse: Check size before reading ds64 chunk (CVE-2024-47775, GHSL-2024-261) * avisubtitle: Fix size checks and avoid overflows when checking sizes (CVE-2024-47774, GHSL-2024-262) * matroskademux: Only unmap GstMapInfo in WavPack header extraction error paths if previously mapped (CVE-2024-47540, GHSL-2024-197) * matroskademux: Fix off-by-one when parsing multi-channel WavPack * matroskademux: Check for big enough WavPack codec private data before accessing it (CVE-2024-47602, GHSL-2024-250) * matroskademux: Don't take data out of an empty adapter when processing WavPack frames (CVE-2024-47601, GHSL-2024-249) * matroskademux: Skip over laces directly when postprocessing the frame fails (CVE-2024-47601, GHSL-2024-249) * matroskademux: Skip over zero-sized Xiph stream headers (CVE-2024-47603, GHSL-2024-251) * matroskademux: Put a copy of the codec data into the A_MS/ACM caps (CVE-2024-47834, GHSL-2024-280) * qtdemux: Fix integer overflow when allocating the samples table for fragmented MP4 (CVE-2024-47537, GHSL-2024-094, GHSL-2024-237, GHSL-2024-241) * qtdemux: Fix debug output during trun parsing * qtdemux: Don't iterate over all trun entries if none of the flags are set * qtdemux: Check sizes of stsc/stco/stts before trying to merge entries (CVE-2024-47598, GHSL-2024-246) * qtdemux: Make sure only an even number of bytes is processed when handling CEA608 data (CVE-2024-47539, GHSL-2024-195) * qtdemux: Make sure enough data is available before reading wave header node (CVE-2024-47543, GHSL-2024-236) * qtdemux: Fix length checks and offsets in stsd entry parsing (CVE-2024-47545, GHSL-2024-242) * qtdemux: Fix error handling when parsing cenc sample groups fails (CVE-2024-47544, GHSL-2024-238, GHSL-2024-239, GHSL-2024-240) * qtdemux: Make sure there are enough offsets to read when parsing samples (CVE-2024-47597, GHSL-2024-245) * qtdemux: Actually handle errors returns from various functions instead of ignoring them (CVE-2024-47597, GHSL-2024-245) * qtdemux: Check for invalid atom length when extracting Closed Caption data (CVE-2024-47546, GHSL-2024-243) * qtdemux: Add size check for parsing SMI / SEQH atom (CVE-2024-47596, GHSL-2024-244) Checksums-Sha1: 3447d356e672aea12a3baaa38a63448e05414bdb 24952 gst-plugins-good1.0_1.22.0-5+deb12u2_ppc64el-buildd.buildinfo ac7e5502b6b799e6212e5c1f92dad3e6998715c0 89028 gstreamer1.0-gtk3-dbgsym_1.22.0-5+deb12u2_ppc64el.deb 3e67e3764ae7a5569ee393bb5ad881b947222c6c 92704 gstreamer1.0-gtk3_1.22.0-5+deb12u2_ppc64el.deb c32f8237f3a1635cf03d3416d97bf44d646f6eb8 6159224 gstreamer1.0-plugins-good-dbgsym_1.22.0-5+deb12u2_ppc64el.deb f2e9a69bf30e46c1f4fbc6e254186bcdda636838 2156444 gstreamer1.0-plugins-good_1.22.0-5+deb12u2_ppc64el.deb 423ed4628b90eae6491655bc2bcc07bf0a784f33 72832 gstreamer1.0-pulseaudio_1.22.0-5+deb12u2_ppc64el.deb bc8e54b306b341cf0904ff0b7fd02bc66bab9980 1452972 gstreamer1.0-qt5-dbgsym_1.22.0-5+deb12u2_ppc64el.deb f3210d128d84b1a0939c8eb5c906f0b12a2c5e56 125080 gstreamer1.0-qt5_1.22.0-5+deb12u2_ppc64el.deb f576be0c85232d52260132c294e1b70c3280e8a0 814280 gstreamer1.0-qt6-dbgsym_1.22.0-5+deb12u2_ppc64el.deb 95e899c9de5a980658f227310d1bd1dfa1226736 101868 gstreamer1.0-qt6_1.22.0-5+deb12u2_ppc64el.deb Checksums-Sha256: d1e6b569bf225c7e138d299d7de59e9525ccc2b1943a24e37944aed8da6c61f1 24952 gst-plugins-good1.0_1.22.0-5+deb12u2_ppc64el-buildd.buildinfo 0cffaf9b71295ed1a290c166fbef29ead51a44bef49c31a5e9c588ae0fd95565 89028 gstreamer1.0-gtk3-dbgsym_1.22.0-5+deb12u2_ppc64el.deb 9a2836aa29110ec47d8e3215727ce068875de2f6fb49c8311053dbd37d5d6ea5 92704 gstreamer1.0-gtk3_1.22.0-5+deb12u2_ppc64el.deb 4551d8e79be08a7b7160b10a72a0452c3034f560b874dc6b669e04a94db5171c 6159224 gstreamer1.0-plugins-good-dbgsym_1.22.0-5+deb12u2_ppc64el.deb e3ca552e04fab629a0d8740bf1446c7904cb3dab95ab547a04cb6e23a91395a1 2156444 gstreamer1.0-plugins-good_1.22.0-5+deb12u2_ppc64el.deb 329ac403b8041ff7be37b7e56cee4dacfef3e1dfe6f580f17ceaab183b322de2 72832 gstreamer1.0-pulseaudio_1.22.0-5+deb12u2_ppc64el.deb d963a489c005c306230e1d83dfacd85dad039a72e7584b1cdf782c915218120d 1452972 gstreamer1.0-qt5-dbgsym_1.22.0-5+deb12u2_ppc64el.deb 06d969bc4bf8cfd311adad3017d212aa2d0994ff9f7fea1d6598ec4a360fc79a 125080 gstreamer1.0-qt5_1.22.0-5+deb12u2_ppc64el.deb a8f77d61625c4eeaf160a1f98ae86b2c918c25daba50590766f987663408b631 814280 gstreamer1.0-qt6-dbgsym_1.22.0-5+deb12u2_ppc64el.deb 685cd67e82b95197702d4e91744ed421678515f1e9eb0ad25042893738d1b206 101868 gstreamer1.0-qt6_1.22.0-5+deb12u2_ppc64el.deb Files: 97b32af07f494b788054d2ab6c78155a 24952 libs optional gst-plugins-good1.0_1.22.0-5+deb12u2_ppc64el-buildd.buildinfo 5fe5e68f512b2eba1b398d1df2894044 89028 debug optional gstreamer1.0-gtk3-dbgsym_1.22.0-5+deb12u2_ppc64el.deb 9e9c90c965bf6740475b2904fdc343a8 92704 graphics optional gstreamer1.0-gtk3_1.22.0-5+deb12u2_ppc64el.deb a27d1254d3f973d6fbae3da05a1e9e11 6159224 debug optional gstreamer1.0-plugins-good-dbgsym_1.22.0-5+deb12u2_ppc64el.deb d196e973285f884dd7f0ed308582bec3 2156444 libs optional gstreamer1.0-plugins-good_1.22.0-5+deb12u2_ppc64el.deb 35bf8fa2372d4eeaa22b335a00085f82 72832 oldlibs optional gstreamer1.0-pulseaudio_1.22.0-5+deb12u2_ppc64el.deb e36e78f80ec8db60ed47633ff9a02bbd 1452972 debug optional gstreamer1.0-qt5-dbgsym_1.22.0-5+deb12u2_ppc64el.deb 19ccc941250f3d9adad3a10cc471b6cc 125080 graphics optional gstreamer1.0-qt5_1.22.0-5+deb12u2_ppc64el.deb 75cd9fc2a9e6c150b3cabdf4842797c8 814280 debug optional gstreamer1.0-qt6-dbgsym_1.22.0-5+deb12u2_ppc64el.deb f1f8de559480db4607979598e4847c99 101868 graphics optional gstreamer1.0-qt6_1.22.0-5+deb12u2_ppc64el.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE5v3ycPFoB5xoBEprvMjydu+xvRMFAmdnJVoACgkQvMjydu+x vRN3lw//a8Jnjm5cyClGBhZ0lgdZXW2NSYvQg0hofSPeQnq1mKJOD4Mv5qkZI9Ex /FoWyJMKKXc0E3oDdYAGaTb5+bax45JVPcPTyxAU+wRWa9+XkLmJE6bQotzNWGTB kLghK+gTVQoS2tCGuff80cb9JXApdP+Q7iDheryfi9m8xcBpj927Yvl6pRjE9BhV cZ9i7cdT6/C9K44zoR8rUg48owi8VHk87RD62X8CdxzTC/kTTFMMlaLWzthZqGSi KShdZJoCzh5G72RZus+kmGTmImrXjO+Ul8is8LJNrRe+n1E6rV9lBaXCg7/Kgi5q 0iLq5Oe/dvRfTH3N0HIbTVvbOGNCsXMssiXL1nIThjxxa7eQHdKAXXx7uDU/oo2C f4gfdlwE2zts4hgyNThlapEc/qkoqgx9X1r4jKrVMAQktDUsZe+yh/Tsx3Eabwi7 ugIcXoz2KumpCIkPjGpylOiMjYSv1/X0VxExuv4schQbbAMfmW1moCkvTYgXHq5l 7m5sfsOO6NXEn7ZUdO0l/qMPPrbhmthgqcZR0AKsg7HY0ep7CQ26r7se1xJQql54 WU9LTPXthmxW/tTP8uNJv3Vw2NU8Oh+xAyTWJL5k1oYiICUcIuq7rL+qUrQvc8SF Hb4WSkPZ0mqhMAYQ4V5ZEM8ICy/3kvjtWuUFVREuwTqidIPDoR4= =uUHj -----END PGP SIGNATURE-----