-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 21 Dec 2024 14:32:49 +0100
Source: gst-plugins-good1.0
Binary: gstreamer1.0-gtk3 gstreamer1.0-gtk3-dbgsym gstreamer1.0-plugins-good gstreamer1.0-plugins-good-dbgsym gstreamer1.0-pulseaudio gstreamer1.0-qt5 gstreamer1.0-qt5-dbgsym gstreamer1.0-qt6 gstreamer1.0-qt6-dbgsym
Architecture: amd64
Version: 1.22.0-5+deb12u2
Distribution: bookworm-security
Urgency: high
Maintainer: all / amd64 / i386 Build Daemon (x86-grnet-03)
Changed-By: Salvatore Bonaccorso
Description:
 gstreamer1.0-gtk3 - GStreamer plugin for GTK+3
 gstreamer1.0-plugins-good - GStreamer plugins from the "good" set
 gstreamer1.0-pulseaudio - GStreamer plugin for PulseAudio (transitional package)
 gstreamer1.0-qt5 - GStreamer plugin for Qt5
 gstreamer1.0-qt6 - GStreamer plugin for Qt6
Changes:
 gst-plugins-good1.0 (1.22.0-5+deb12u2) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * qtdemux: Avoid integer overflow when parsing Theora extension (CVE-2024-47606, GHSL-2024-166)
   * jpegdec: Directly error out on negotiation failures (CVE-2024-47599, GHSL-2024-247)
   * gdkpixbufdec: Check if initializing the video info actually succeeded (CVE-2024-47613, GHSL-2024-118)
   * wavparse: Check for short reads when parsing headers in pull mode (CVE-2024-47778, GHSL-2024-258, CVE-2024-47776, GHSL-2024-260)
   * wavparse: Make sure enough data for the tag list tag is available before parsing (CVE-2024-47778, GHSL-2024-258)
   * wavparse: Fix parsing of acid chunk
   * wavparse: Check that at least 4 bytes are available before parsing cue chunks
   * wavparse: Check that at least 32 bytes are available before parsing smpl chunks (CVE-2024-47777, GHSL-2024-259)
   * wavparse: Fix clipping of size to the file size (CVE-2024-47776, GHSL-2024-260)
   * wavparse: Check size before reading ds64 chunk (CVE-2024-47775, GHSL-2024-261)
   * avisubtitle: Fix size checks and avoid overflows when checking sizes (CVE-2024-47774, GHSL-2024-262)
   * matroskademux: Only unmap GstMapInfo in WavPack header extraction error paths if previously mapped (CVE-2024-47540, GHSL-2024-197)
   * matroskademux: Fix off-by-one when parsing multi-channel WavPack
   * matroskademux: Check for big enough WavPack codec private data before accessing it (CVE-2024-47602, GHSL-2024-250)
   * matroskademux: Don't take data out of an empty adapter when processing WavPack frames (CVE-2024-47601, GHSL-2024-249)
   * matroskademux: Skip over laces directly when postprocessing the frame fails (CVE-2024-47601, GHSL-2024-249)
   * matroskademux: Skip over zero-sized Xiph stream headers (CVE-2024-47603, GHSL-2024-251)
   * matroskademux: Put a copy of the codec data into the A_MS/ACM caps (CVE-2024-47834, GHSL-2024-280)
   * qtdemux: Fix integer overflow when allocating the samples table for fragmented MP4 (CVE-2024-47537, GHSL-2024-094, GHSL-2024-237, GHSL-2024-241)
   * qtdemux: Fix debug output during trun parsing
   * qtdemux: Don't iterate over all trun entries if none of the flags are set
   * qtdemux: Check sizes of stsc/stco/stts before trying to merge entries (CVE-2024-47598, GHSL-2024-246)
   * qtdemux: Make sure only an even number of bytes is processed when handling CEA608 data (CVE-2024-47539, GHSL-2024-195)
   * qtdemux: Make sure enough data is available before reading wave header node (CVE-2024-47543, GHSL-2024-236)
   * qtdemux: Fix length checks and offsets in stsd entry parsing (CVE-2024-47545, GHSL-2024-242)
   * qtdemux: Fix error handling when parsing cenc sample groups fails (CVE-2024-47544, GHSL-2024-238, GHSL-2024-239, GHSL-2024-240)
   * qtdemux: Make sure there are enough offsets to read when parsing samples (CVE-2024-47597, GHSL-2024-245)
   * qtdemux: Actually handle errors returns from various functions instead of ignoring them (CVE-2024-47597, GHSL-2024-245)
   * qtdemux: Check for invalid atom length when extracting Closed Caption data (CVE-2024-47546, GHSL-2024-243)
   * qtdemux: Add size check for parsing SMI / SEQH atom (CVE-2024-47596, GHSL-2024-244)
Checksums-Sha1: