Debian Patches
Status for gst-plugins-base1.0/1.18.4-2+deb11u3
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| CVE-2024-47607.patch | [PATCH] opusdec: Set at most 64 channels to NONE position Thanks to Antonio Morales for finding and reporting the issue. Fixes GHSL-2024-116 Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3871 |
=?utf-8?q?Sebastian_Dr=C3=B6ge?= <sebastian@centricular.com> | no | 2024-10-01 | ||
| GST-2023-0001_GST-2023-0002.patch | no | |||||
| exiftag-Prevent-integer-overflows-and-out-of-bounds-.patch | exiftag: Prevent integer overflows and out of bounds reads when handling undefined tags https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/e33578a3c2b85a68962003bd053abda9409e73a2 Fixes ZDI-CAN-23896 Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3483 |
=?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com> | yes | upstream | 2024-04-25 | |
| CVE-2024-47538.patch | CVE-2024-47538 [PATCH] vorbisdec: Set at most 64 channels to NONE position Thanks to Antonio Morales for finding and reporting the issue. Fixes GHSL-2024-115 Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3869 |
=?utf-8?q?Sebastian_Dr=C3=B6ge?= <sebastian@centricular.com> | no | 2024-09-30 | ||
| CVE-2024-47541.patch | [PATCH] ssaparse: Don't use strstr() on strings that are potentially not NULL-terminated | =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com> | no | 2024-09-30 | ||
| 0005-CVE-2024-47542-id3v2-Don-t-try-parsing-extended-head.patch | CVE-2024-47542 id3v2: Don't try parsing extended header if not enough data is available Thanks to Antonio Morales for finding and reporting the issue. Fixes GHSL-2024-235 Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3842 |
=?utf-8?q?Sebastian_Dr=C3=B6ge?= <sebastian@centricular.com> | no | 2024-09-26 | ||
| CVE-2024-47600.patch | [PATCH] discoverer: Don't print channel layout for more than 64 channels 64+ channels are always unpositioned / unknown layout. Thanks to Antonio Morales for finding and reporting the issue. Fixes GHSL-2024-248 Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3864 |
=?utf-8?q?Sebastian_Dr=C3=B6ge?= <sebastian@centricular.com> | no | 2024-09-30 | ||
| CVE-2024-47615.patch | [PATCH] vorbis_parse: check writes to GstOggStream.vorbis_mode_sizes Thanks to Antonio Morales for finding and reporting the issue. Fixes GHSL-2024-117 Fixes gstreamer#3875 Also perform out-of-bounds check for accesses to op->packet |
Mathieu Duponchelle <mathieu@centricular.com> | no | 2024-10-02 | ||
| CVE-2024-47835.patch | [PATCH] subparse: Check for NULL return of strchr() when parsing LRC subtitles Thanks to Antonio Morales for finding and reporting the issue. Fixes GHSL-2024-263 Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3892 |
=?utf-8?q?Sebastian_Dr=C3=B6ge?= <sebastian@centricular.com> | no | 2024-10-09 |
All known versions for source package 'gst-plugins-base1.0'
- 1.25.90-1 (experimental)
- 1.24.12-1 (sid, trixie)
- 1.22.0-3+deb12u4 (bookworm)
- 1.22.0-3+deb12u3 (bookworm-security)
- 1.18.4-2+deb11u3 (bullseye-security)
- 1.18.4-2+deb11u2 (bullseye)