gst-plugins-good1.0_1.4.4-2+deb8u3_amd64.changes ACCEPTED into proposed-updates->stable-new
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Mon Mar 27 21:24:05 UTC 2017
Mapping stable-security to proposed-updates.
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 25 Mar 2017 14:26:39 +0200
Source: gst-plugins-good1.0
Binary: gstreamer1.0-plugins-good-doc gstreamer1.0-pulseaudio gstreamer1.0-plugins-good gstreamer1.0-plugins-good-dbg
Architecture: source all amd64
Version: 1.4.4-2+deb8u3
Distribution: jessie-security
Urgency: medium
Maintainer: Maintainers of GStreamer packages <pkg-gstreamer-maintainers at lists.alioth.debian.org>
Changed-By: Sebastian Dröge <slomo at debian.org>
Description:
gstreamer1.0-plugins-good - GStreamer plugins from the "good" set
gstreamer1.0-plugins-good-dbg - GStreamer plugins from the "good" set
gstreamer1.0-plugins-good-doc - GStreamer documentation for plugins from the "good" set
gstreamer1.0-pulseaudio - GStreamer plugin for PulseAudio
Changes:
gst-plugins-good1.0 (1.4.4-2+deb8u3) jessie-security; urgency=medium
.
* debian/patches/0001-aacparse-Make-sure-we-have-enough-data-in-the-codec_.patch:
+ The gst_aac_parse_sink_setcaps function in
gst/audioparsers/gstaacparse.c in gst-plugins-good in GStreamer before
1.10.3 allows remote attackers to cause a denial of service (invalid
memory read and crash) via a crafted audio file.
https://bugzilla.gnome.org/show_bug.cgi?id=775450
.
Fixes CVE-2016-10198
.
* debian/patches/0002-avidemux-Fix-various-out-of-bounds-reads-when-parsin.patch:
+ The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in
gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to
cause a denial of service (out-of-bounds heap read) via vectors involving
ncdt tags.
https://bugzilla.gnome.org/show_bug.cgi?id=777500
.
Fixes CVE-2017-5841
.
* debian/patches/0003-avidemux-Stop-reading-a-ncdt-sub-tag-if-it-goes-behi.patch:
+ The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in
gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to
cause a denial of service (invalid memory read and crash) via a ncdt
sub-tag that "goes behind" the surrounding tag.
https://bugzilla.gnome.org/show_bug.cgi?id=777532
.
Fixes CVE-2017-5845
.
* debian/patches/0004-qtdemux-Fix-out-of-bounds-read-in-tag-parsing-code.patch:
+ The qtdemux_tag_add_str_full function in gst/isomp4/qtdemux.c in
gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to
cause a denial of service (out-of-bounds read and crash) via a crafted tag
value.
https://bugzilla.gnome.org/show_bug.cgi?id=775451
.
Fixes CVE-2016-10199
.
* debian/patches/0005-qtdemux-Increment-current-stts-index-whenever-we-fin.patch:
+ The qtdemux_parse_samples function in gst/isomp4/qtdemux.c in
gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to
cause a denial of service (out-of-bounds heap read) via vectors involving
the current stts index.
https://bugzilla.gnome.org/show_bug.cgi?id=777469
.
Fixes CVE-2017-5840
Checksums-Sha1:
ba42908a0de036d065c9ceb5e28cfc511af31013 3610 gst-plugins-good1.0_1.4.4-2+deb8u3.dsc
25de9e4d2c8c2abd82baf3e99dedf67f8fed12b9 45312 gst-plugins-good1.0_1.4.4-2+deb8u3.debian.tar.xz
7de137c3563af4ed34385783977bbac56711c6ad 1110624 gstreamer1.0-plugins-good-doc_1.4.4-2+deb8u3_all.deb
62a8865f7a4c1ac19be3598f9c4410f0f8afc3b8 962596 gstreamer1.0-pulseaudio_1.4.4-2+deb8u3_amd64.deb
0a35c2d3a90bc9bb12361b73a04d970f6377363c 2368078 gstreamer1.0-plugins-good_1.4.4-2+deb8u3_amd64.deb
cf1db366d33d45c12ff09d0b26bbd2cbf14463fe 5405222 gstreamer1.0-plugins-good-dbg_1.4.4-2+deb8u3_amd64.deb
Checksums-Sha256:
8f099cdeb54e6c21ddb94abd06c238bf511b0a63693735926f05836c3a2ead86 3610 gst-plugins-good1.0_1.4.4-2+deb8u3.dsc
6ae00f663c6b0c5dd2885511a305266baef2b0d70175e942b30141039178a305 45312 gst-plugins-good1.0_1.4.4-2+deb8u3.debian.tar.xz
68c00bb085c62e39c7a2e6d55d98e2f8f9320cebe231b9ace8fc8cafce2812c7 1110624 gstreamer1.0-plugins-good-doc_1.4.4-2+deb8u3_all.deb
1facbd46dc824fe60a4e4581a4dc193ed14206e6c5a7a36146992a07e9414df4 962596 gstreamer1.0-pulseaudio_1.4.4-2+deb8u3_amd64.deb
9c392cd2cc11e6a6d659145aa57369fcc836f366768f513f8d62be1c30a5f3f7 2368078 gstreamer1.0-plugins-good_1.4.4-2+deb8u3_amd64.deb
51bc4b8263c59f4376da372cd89983e2e6b4f7700f9d392f7cecf3a745421dbf 5405222 gstreamer1.0-plugins-good-dbg_1.4.4-2+deb8u3_amd64.deb
Files:
3b96ad218a7b94798d19189411c8bbd1 3610 libs optional gst-plugins-good1.0_1.4.4-2+deb8u3.dsc
6a6d14e3d4f78a286384594268332124 45312 libs optional gst-plugins-good1.0_1.4.4-2+deb8u3.debian.tar.xz
8c276e15ed89bf3c565b15133544529f 1110624 doc optional gstreamer1.0-plugins-good-doc_1.4.4-2+deb8u3_all.deb
cdba0dea7c4c50df5df8ecbfaf3e3118 962596 sound optional gstreamer1.0-pulseaudio_1.4.4-2+deb8u3_amd64.deb
41c39a589fdb8b5a8b8b5ce078f040ba 2368078 libs optional gstreamer1.0-plugins-good_1.4.4-2+deb8u3_amd64.deb
1750f2878ab41a000130c332570ea7c0 5405222 debug extra gstreamer1.0-plugins-good-dbg_1.4.4-2+deb8u3_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEEf0vHzDygb5cza7/rBmjMFIbC17UFAljWruVfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDdG
NEJDN0NDM0NBMDZGOTczMzZCQkZFQjA2NjhDQzE0ODZDMkQ3QjUSHHNsb21vQGNv
YXhpb24ubmV0AAoJEAZozBSGwte1COAP/1NkuHzoK5Ge3s20+2SsUJxIYl/4bTu6
ZV+YwNlym+Pa7j+knEhZb4jmXNMkIrNiAG/Bf0AVDoOP6U0LrvulrgKHsJKo/8+G
PEIsgvfu/jw5ZyLoSmAlJ1PF88SWtEzO0oXZR3wO9ulQnux66iOehaSnW53SSXw9
fvjPcYS/KEc36nj+U7TNVOBXd+mIrPvCVmutqxrNKpPlwYAqUsZmM/Na+WXXCZIf
Y8rWRGfZCm0aI8w2RUVot4dqEUda8y/1dWMFPV6A1nbFGhmMy/M3DyQ+qOk/5x6D
ON5yTsAostaqOj24w+fwDhKWyjIrtsgi0Te/LnUodWIOJ1aVsCFrcusjVusWI0rh
XDht7cRAGUSVRopeLrAZlicwwfWVXvtadNenGYLd8oeKFWN6+/Xicul+8TQH6b8V
FXqwMKSEpaZWw8Zgts95N1A8RWoa6ubhrads2gGMXz/Qp+6fwElbUFrciEyeTPol
H4VR8fR7IqrAi+yB/LIAu7Zpa5a5bLfCatcnkUvfvThAviVJkZmaJ7Hqbx52TTpi
bxISaisOGSANO56gKD1JNvXzrqdm7e2+rP0n6PexQ7oZV60Y1b8QlpQ4s6VNurv5
5kPAsyN/pxvcEG8HiNi1J/HAdTp9hUU7w1l5XR7pGKPnRSpaHCU+SFsP7DpGwpXE
RoYRRowW0RsU
=+tCy
-----END PGP SIGNATURE-----
Thank you for your contribution to Debian.
More information about the pkg-gstreamer-maintainers
mailing list