gst-plugins-base1.0_1.4.4-2+deb8u1_amd64.changes ACCEPTED into proposed-updates->stable-new, proposed-updates

Debian FTP Masters ftpmaster at ftp-master.debian.org
Thu Mar 30 19:47:19 UTC 2017 


Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 25 Mar 2017 14:15:56 +0200
Source: gst-plugins-base1.0
Binary: gstreamer1.0-plugins-base-apps gstreamer1.0-plugins-base-doc libgstreamer-plugins-base1.0-0 libgstreamer-plugins-base1.0-dev gstreamer1.0-alsa gstreamer1.0-plugins-base gstreamer1.0-plugins-base-dbg gstreamer1.0-x gir1.2-gst-plugins-base-1.0
Architecture: source all amd64
Version: 1.4.4-2+deb8u1
Distribution: jessie-security
Urgency: medium
Maintainer: Maintainers of GStreamer packages <pkg-gstreamer-maintainers at lists.alioth.debian.org>
Changed-By: Sebastian Dröge <slomo at debian.org>
Description:
 gir1.2-gst-plugins-base-1.0 - Description: GObject introspection data for the GStreamer Plugins
 gstreamer1.0-alsa - GStreamer plugin for ALSA
 gstreamer1.0-plugins-base - GStreamer plugins from the "base" set
 gstreamer1.0-plugins-base-apps - GStreamer helper programs from the "base" set
 gstreamer1.0-plugins-base-dbg - GStreamer plugins from the "base" set
 gstreamer1.0-plugins-base-doc - GStreamer documentation for plugins from the "base" set
 gstreamer1.0-x - GStreamer plugins for X11 and Pango
 libgstreamer-plugins-base1.0-0 - GStreamer libraries from the "base" set
 libgstreamer-plugins-base1.0-dev - GStreamer development files for libraries from the "base" set
Changes:
 gst-plugins-base1.0 (1.4.4-2+deb8u1) jessie-security; urgency=medium
 .
   * debian/patches/0001-riff-media-Check-for-valid-channels-rate-before-usin.patch:
     + The gst_riff_create_audio_caps function in
       gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before
       1.10.3 allows remote attackers to cause a denial of service (floating
       point exception and crash) via a crafted ASF file.
       https://bugzilla.gnome.org/show_bug.cgi?id=777525
 .
       Fixes CVE-2017-5837
 .
   * debian/patches/0002-riff-media-Don-t-divide-block-align-by-zero-channels.patch:
     + The gst_riff_create_audio_caps function in
       gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before
       1.10.3 allows remote attackers to cause a denial of service (floating
       point exception and crash) via a crafted video file.
       https://bugzilla.gnome.org/show_bug.cgi?id=777262
 .
       Fixes CVE-2017-5844
 .
   * debian/patches/0003-riff-media-Don-t-recurse-in-for-nested-WAVEFORMATEX.patch:
     + The gst_riff_create_audio_caps function in
       gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before
       1.10.3 does not properly limit recursion, which allows remote attackers to
       cause a denial of service (stack overflow and crash) via vectors involving
       nested WAVEFORMATEX.
       https://bugzilla.gnome.org/show_bug.cgi?id=777265
 .
       Fixes CVE-2017-5839
 .
   * debian/patches/0004-samiparse-Check-that-the-string-has-a-non-zero-lengt.patch:
     + The html_context_handle_element function in gst/subparse/samiparse.c in
       gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to
       cause a denial of service (out-of-bounds write) via a crafted SMI file, as
       demonstrated by OneNote_Manager.smi.
       https://bugzilla.gnome.org/show_bug.cgi?id=777502
 .
       Fixes CVE-2017-5842
 .
   * debian/patches/0005-typefind-bounds-check-windows-ico-detection.patch:
     + The windows_icon_typefind function in gst-plugins-base in GStreamer
       before 1.10.2, when G_SLICE is set to always-malloc, allows remote
       attackers to cause a denial of service (out-of-bounds read) via a crafted
       ico file.
       https://bugzilla.gnome.org/show_bug.cgi?id=774902
 .
       Fixes CVE-2016-9811
Checksums-Sha1:
 7f6c399cb562b5210befff7ca005a72df7577912 3922 gst-plugins-base1.0_1.4.4-2+deb8u1.dsc
 ebf0f9bab82184b4742c4298e4e8ae14e394d935 41864 gst-plugins-base1.0_1.4.4-2+deb8u1.debian.tar.xz
 f46c9f096a641623b6d69f6c1aaba0c87a1dd71e 2632996 gst-plugins-base1.0_1.4.4.orig.tar.xz
 cd8bb7c56e57f002dca4ec8cefcab2eb29e18861 1090848 gstreamer1.0-plugins-base-doc_1.4.4-2+deb8u1_all.deb
 15bdc8a80e774e4132ea9b580d7f9249ee155eac 786860 gstreamer1.0-plugins-base-apps_1.4.4-2+deb8u1_amd64.deb
 b4ef3df2c18ae1da3ae89c9851b18e677be57352 1298150 libgstreamer-plugins-base1.0-0_1.4.4-2+deb8u1_amd64.deb
 49a4e20ed8ae25e8e6efce4498f39cf60ba467eb 970200 libgstreamer-plugins-base1.0-dev_1.4.4-2+deb8u1_amd64.deb
 cd5470f722a363066f0ea09362e1f1a73509061f 791876 gstreamer1.0-alsa_1.4.4-2+deb8u1_amd64.deb
 a613702d3ae8d4196141b19a97b285d97b458376 1284900 gstreamer1.0-plugins-base_1.4.4-2+deb8u1_amd64.deb
 7567b0ce0da5ab4f5867616e929ed7c66b700082 3466764 gstreamer1.0-plugins-base-dbg_1.4.4-2+deb8u1_amd64.deb
 5c1204f850236102f85fe8f98835967eee520656 830750 gstreamer1.0-x_1.4.4-2+deb8u1_amd64.deb
 ec1858bb507dbbd1136f139ddd2b15758ea20fb4 819700 gir1.2-gst-plugins-base-1.0_1.4.4-2+deb8u1_amd64.deb
Checksums-Sha256:
 9027629b9e790cef343b5effd757aa051f00293082e979b899ed9cefb6c24263 3922 gst-plugins-base1.0_1.4.4-2+deb8u1.dsc
 84f294f7ec18997ff2eef38b338ee33576584d016ebb9979fbce418a146f2ece 41864 gst-plugins-base1.0_1.4.4-2+deb8u1.debian.tar.xz
 49cd9e8f23c416b1607b43837a09833fa03e0106929d81ead2ddfde6c0ade44b 2632996 gst-plugins-base1.0_1.4.4.orig.tar.xz
 2ca7c1731d241a3620b11bfe79b2513abb3032e1c7ea7e5bb357676616c4d9be 1090848 gstreamer1.0-plugins-base-doc_1.4.4-2+deb8u1_all.deb
 acea6523c52115915ca2767fcce84e0e0122dca6c571eaac10337db2d5e9ceb5 786860 gstreamer1.0-plugins-base-apps_1.4.4-2+deb8u1_amd64.deb
 fbe20197f1fec8fcb90d585238d00431f0756814b38d6172b29c5ed441045f04 1298150 libgstreamer-plugins-base1.0-0_1.4.4-2+deb8u1_amd64.deb
 44e46843fefcaaf5a249364d86e3bd29dad667664a320f85139cffad48298b0b 970200 libgstreamer-plugins-base1.0-dev_1.4.4-2+deb8u1_amd64.deb
 c0ab390374dfacb9df961e1d6069c634cf85030ee2a03bf63fd5751d46739029 791876 gstreamer1.0-alsa_1.4.4-2+deb8u1_amd64.deb
 a0661745c8eb9f910885bb2c3aeb874865e3afea079700e68aae07004ab6126c 1284900 gstreamer1.0-plugins-base_1.4.4-2+deb8u1_amd64.deb
 58b7394b69e008b75444ae8653c4dea8570e70c288abbb416498b5163cdc23b1 3466764 gstreamer1.0-plugins-base-dbg_1.4.4-2+deb8u1_amd64.deb
 2150f8fe55938f3aef83c8a32e556eccba1639cd85166b9e811210d449d5665b 830750 gstreamer1.0-x_1.4.4-2+deb8u1_amd64.deb
 fbe338b48122306f203594aab3ba06a8c4abcf83ce2125b31b5d2eaf93be5a5d 819700 gir1.2-gst-plugins-base-1.0_1.4.4-2+deb8u1_amd64.deb
Files:
 5ca82d8e8f6734d4421e417a841ff1bc 3922 libs optional gst-plugins-base1.0_1.4.4-2+deb8u1.dsc
 23ae0ab89a51c5c5d0a71fa2629baa8a 41864 libs optional gst-plugins-base1.0_1.4.4-2+deb8u1.debian.tar.xz
 0c42eca8f9e4efd56d2ce8e9249ce4a1 2632996 libs optional gst-plugins-base1.0_1.4.4.orig.tar.xz
 e0ad96a7fdbf5dbab5656349f9a7f17d 1090848 doc optional gstreamer1.0-plugins-base-doc_1.4.4-2+deb8u1_all.deb
 100d66f8ca5075e3e41837e8a932821f 786860 utils optional gstreamer1.0-plugins-base-apps_1.4.4-2+deb8u1_amd64.deb
 9501480e5bc8605ab6cfad1fe088b3f1 1298150 libs optional libgstreamer-plugins-base1.0-0_1.4.4-2+deb8u1_amd64.deb
 f501eca051e473d915f13ac822cdc12c 970200 libdevel optional libgstreamer-plugins-base1.0-dev_1.4.4-2+deb8u1_amd64.deb
 2493751c75e99056df73a016cb87edd2 791876 libs optional gstreamer1.0-alsa_1.4.4-2+deb8u1_amd64.deb
 ffabdfc68e341fb54d8caf705acea651 1284900 libs optional gstreamer1.0-plugins-base_1.4.4-2+deb8u1_amd64.deb
 af92967fcc76e4f07cf4d08ee3fcd8c4 3466764 debug extra gstreamer1.0-plugins-base-dbg_1.4.4-2+deb8u1_amd64.deb
 c47324e503e58e4f12d7cc51f92decc7 830750 libs optional gstreamer1.0-x_1.4.4-2+deb8u1_amd64.deb
 3bdcb59bf9661e9fb51aedac475dc7f5 819700 introspection optional gir1.2-gst-plugins-base-1.0_1.4.4-2+deb8u1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQKmBAEBCgCQFiEEf0vHzDygb5cza7/rBmjMFIbC17UFAljW6EdfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDdG
NEJDN0NDM0NBMDZGOTczMzZCQkZFQjA2NjhDQzE0ODZDMkQ3QjUSHHNsb21vQGNv
YXhpb24ubmV0AAoJEAZozBSGwte1vPMP/RvbxZJvEDzuhwhvYA1trOqiH0EEOg2f
k3PO/Z9+t5IwPiM4we7nAMXTy3Zliaubnk43fL0fjurrKZmBNYB18MaIZXviafB+
QWXIqQj1G28M4iZvk/E7TYinYDdvaH6elmgyxsLHLa1Cxi//FcdmNPkR9sKOa9PO
103aLmja62qBqtyoacB/JmG/5uQ8MM6zWdB7VHRtPxvHFpe4lme2hIl/RUEctKw+
DWVaD/VT06k/xXlVy510TdUE5nZ6Pl1Bj0UsMENMT2mBkajeosslFS/CJmSq2QLG
BkraJhR/srKOJcvJqTl1DycWblA7pm+8kaookv5sJVSMp2+eljgh7+FVSC8xS8Se
9XcRwb0zvHXlFBQFV67Idi6TorKz2N12tB+wbol5XqPs1wAt0sCZlOD/Uyzl00bk
WbSBddW8IAS48cWy4t0jGJxqQz1DkzADHUHvgYk/MBAaX3tLOiiXSW6QmufgjoIR
b7kmJeiGiKflF5NI+mDjGnLZcsJF3Yo5E2W9MNQDE9aDRRjmLpz437OuClDhoOS3
+X9aHSUWUFMt9l44sFnROoAgaR0a8PCpjGuZ9JCoOc8w8X7lDgWlIkno79UDpslu
H2R5o45YQ0YCU8LEQLwt3/lmsBRvMLbMQ7apE95aeRP50c90LKnABF9aWQ7W0GL4
kNqfODyEzxvw
=inIp
-----END PGP SIGNATURE-----


Thank you for your contribution to Debian.

More information about the pkg-gstreamer-maintainers mailing list