https://gstreamer.freedesktop.org/security/sa-2023-0006.html reports:

Details: Heap-based buffer overflow in the MXF file demuxer when handling malformed files with uncompressed video in GStreamer versions before 1.22.6.
Impact: It is possible for a malicious third party to trigger a crash in the application, and possibly also effect code execution through heap manipulation.
Patches: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5362.patch (includes patch for SA-2023-0007 / ZDI-CAN-21661 / CVE-2023-40475)

https://gstreamer.freedesktop.org/security/sa-2023-0007.html reports:

Details: Heap-based buffer overflow in the MXF file demuxer when handling malformed files with AES3 audio in GStreamer versions before 1.22.6.
Impact: It is possible for a malicious third party to trigger a crash in the application, and possibly also effect code execution through heap manipulation.
Patches: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5362.patch (includes patch for SA-2023-0006 / ZDI-CAN-21660 / CVE-2023-40474)

https://gstreamer.freedesktop.org/security/sa-2023-0008.html reports:

Details: Stack-based buffer overflow in the H.265 video parser when handling malformed H.265 video streams in GStreamer versions before 1.22.6.
Impact: It is possible for a malicious third party to trigger a crash in the application, and possibly also effect code execution through stack manipulation.
Patches: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5364.patch

Fixes all in 1.22.6. Please bump.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=921fdfc2e59cfb6143b33056ca4b215f65be248b

commit 921fdfc2e59cfb6143b33056ca4b215f65be248b
Author: Mart Raudsepp <leio@gentoo.org>
AuthorDate: 2024-04-30 07:47:59 +0000
Commit: Mart Raudsepp <leio@gentoo.org>
CommitDate: 2024-04-30 08:23:47 +0000

    media-libs/gst-plugins-bad: drop 1.20.5-r1, 1.20.6

    Bug: https://bugs.gentoo.org/918095
    Signed-off-by: Mart Raudsepp <leio@gentoo.org>

 media-libs/gst-plugins-bad/Manifest | 2 -
 .../gst-plugins-bad-1.20.5-r1.ebuild | 104 ---------------------
 .../gst-plugins-bad/gst-plugins-bad-1.20.6.ebuild | 104 ---------------------
 3 files changed, 210 deletions(-)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=0715db682a941540ce2f4ccb909d8f446c05e0ce

commit 0715db682a941540ce2f4ccb909d8f446c05e0ce
Author: Hans de Graaff <graaff@gentoo.org>
AuthorDate: 2024-06-29 05:46:23 +0000
Commit: Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-06-29 05:46:23 +0000

    [ GLSA 202406-06 ] GStreamer, GStreamer Plugins: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/917791
    Bug: https://bugs.gentoo.org/918095
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202406-06.xml | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 56 insertions(+)