Format: 1.8 Date: Tue, 28 Nov 2023 13:33:46 -0500 Source: gst-plugins-bad1.0 Binary: gir1.2-gst-plugins-bad-1.0 gstreamer1.0-plugins-bad gstreamer1.0-plugins-bad-dbg libgstreamer-plugins-bad1.0-0 libgstreamer-plugins-bad1.0-dev Architecture: i386 Version: 1.16.3-0ubuntu1.1 Distribution: focal Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: gir1.2-gst-plugins-bad-1.0 - GObject introspection data for the GStreamer libraries from the " gstreamer1.0-plugins-bad - GStreamer plugins from the "bad" set gstreamer1.0-plugins-bad-dbg - GStreamer plugins from the "bad" set (debug symbols) libgstreamer-plugins-bad1.0-0 - GStreamer libraries from the "bad" set libgstreamer-plugins-bad1.0-dev - GStreamer development files for libraries from the "bad" set Launchpad-Bugs-Fixed: 2035585 Changes: gst-plugins-bad1.0 (1.16.3-0ubuntu1.1) focal-security; urgency=medium . [ Luís Infante da Câmara ] * SECURITY UPDATE: Heap buffer overflow in dvdspu (LP: #2035585) - debian/patches/CVE-2023-37329-1.patch: Make sure enough data is allocated for the available data. - debian/patches/CVE-2023-37329-2.patch: Avoid integer overflow when checking if enough data is available. - CVE-2023-37329 . [ Marc Deslauriers ] * SECURITY UPDATE: integer overflow in MXF file handling - debian/patches/CVE-2023-40474.patch: fix integer overflow causing out of bounds writes when handling invalid uncompressed video in gst/mxf/mxfup.c. - CVE-2023-40474 * SECURITY UPDATE: integer overflow in MXF file handling - debian/patches/CVE-2023-40475.patch: check number of channels for AES3 audio in gst/mxf/mxfd10.c. - CVE-2023-40475 * SECURITY UPDATE: integer overflow in H.265 video parser - debian/patches/CVE-2023-40476.patch: fix possible overflow using max_sub_layers_minus1 in gst-libs/gst/codecparsers/gsth265parser.c. - CVE-2023-40476 * SECURITY UPDATE: MXF demuxer use-after-free - debian/patches/CVE-2023-44446.patch: store GstMXFDemuxEssenceTrack in their own fixed allocation in gst/mxf/mxfdemux.*. - CVE-2023-44446 Checksums-Sha1: 969f2175fb60f9a95d84718bcb96ef785743ec4d 35004 gir1.2-gst-plugins-bad-1.0_1.16.3-0ubuntu1.1_i386.deb 1e1e77fbaebe1a67b7209b7bc7fa65809169a15a 28899 gst-plugins-bad1.0_1.16.3-0ubuntu1.1_i386.buildinfo 9d7a0867176e056776bf2abf5a84d94395a9383c 9244896 gstreamer1.0-plugins-bad-dbg_1.16.3-0ubuntu1.1_i386.deb 068f74fe0be4f9894692b76aecd716461125fc88 1785664 gstreamer1.0-plugins-bad_1.16.3-0ubuntu1.1_i386.deb 990cc7940d351555004fe567902ef9499f190d25 325192 libgstreamer-plugins-bad1.0-0_1.16.3-0ubuntu1.1_i386.deb dbc0129784a7be09194ff3c79b94fe332c4b79bb 112844 libgstreamer-plugins-bad1.0-dev_1.16.3-0ubuntu1.1_i386.deb Checksums-Sha256: cf39a81b29a623ee3f89f55dac1df1c7d413b34b306fcf1dcf1e31ef6f564fea 35004 gir1.2-gst-plugins-bad-1.0_1.16.3-0ubuntu1.1_i386.deb ab9c293f245530594ac2ec3f29d821e3cd9bac2107974f102ac232e1b9fd536b 28899 gst-plugins-bad1.0_1.16.3-0ubuntu1.1_i386.buildinfo 8a6bfed1c6d375b15a4929d1d88948be1c412378658f78aa83f0cb73871fa102 9244896 gstreamer1.0-plugins-bad-dbg_1.16.3-0ubuntu1.1_i386.deb 57dbd6bf2fa9c4035ccd5b1a86b4963ce40b003766c65b4c0e3f86ca3240b3b0 1785664 gstreamer1.0-plugins-bad_1.16.3-0ubuntu1.1_i386.deb 1d17dd745946ca104161adc93bdb5923b263dcfb905e2efa6e0f51420883a1c1 325192 libgstreamer-plugins-bad1.0-0_1.16.3-0ubuntu1.1_i386.deb ffe2cc84330cd7fb3dec8a3c57052e07c8504462de1626a98bdc9635a61e997d 112844 libgstreamer-plugins-bad1.0-dev_1.16.3-0ubuntu1.1_i386.deb Files: 5dca04b5a8cc6526a815ce9903a47656 35004 introspection extra gir1.2-gst-plugins-bad-1.0_1.16.3-0ubuntu1.1_i386.deb 812b753682addfa312945000f7ef4ac6 28899 libs extra gst-plugins-bad1.0_1.16.3-0ubuntu1.1_i386.buildinfo 7cf0131795e655ab8b776d64a64afca8 9244896 debug extra gstreamer1.0-plugins-bad-dbg_1.16.3-0ubuntu1.1_i386.deb 403c87107a5d74b287a80eeb33115c4a 1785664 libs extra gstreamer1.0-plugins-bad_1.16.3-0ubuntu1.1_i386.deb e094df9e3bf8edc86fdcaeb038c60268 325192 libs extra libgstreamer-plugins-bad1.0-0_1.16.3-0ubuntu1.1_i386.deb ff0f794c4fe0cfce9f2581690a2f49b1 112844 libdevel extra libgstreamer-plugins-bad1.0-dev_1.16.3-0ubuntu1.1_i386.deb Original-Maintainer: Maintainers of GStreamer packages