Debian Patches

Status for gst-plugins-base1.0/1.22.0-3+deb12u5

Patch Description Author Forwarded Bugs Origin Last update
GST-2023-0001_GST-2023-0002.patch no
exiftag-Prevent-integer-overflows-and-out-of-bounds-.patch exiftag: Prevent integer overflows and out of bounds reads when handling undefined tags
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/e33578a3c2b85a68962003bd053abda9409e73a2

Fixes ZDI-CAN-23896
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3483
Sebastian Dröge <sebastian@centricular.com> yes upstream 2024-04-25
CVE-2024-47538.patch [PATCH] vorbisdec: Set at most 64 channels to NONE position
Thanks to Antonio Morales for finding and reporting the issue.

Fixes GHSL-2024-115
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3869
Sebastian Dröge <sebastian@centricular.com> no 2024-09-30
CVE-2024-47541.patch [PATCH] ssaparse: Don't use strstr() on strings that are potentially not NULL-terminated Sebastian Dröge <sebastian@centricular.com> no 2024-09-30
CVE-2024-47600.patch [PATCH] discoverer: Don't print channel layout for more than 64 channels

64+ channels are always unpositioned / unknown layout.

Thanks to Antonio Morales for finding and reporting the issue.

Fixes GHSL-2024-248
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3864
Sebastian Dröge <sebastian@centricular.com> no 2024-09-30
CVE-2024-47607.patch [PATCH] opusdec: Set at most 64 channels to NONE position
Thanks to Antonio Morales for finding and reporting the issue.

Fixes GHSL-2024-116
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3871
Sebastian Dröge <sebastian@centricular.com> no 2024-10-01
CVE-2024-47615.patch [PATCH] vorbis_parse: check writes to GstOggStream.vorbis_mode_sizes
Thanks to Antonio Morales for finding and reporting the issue.

Fixes GHSL-2024-117 Fixes gstreamer#3875

Also perform out-of-bounds check for accesses to op->packet
Mathieu Duponchelle <mathieu@centricular.com> no 2024-10-02
CVE-2024-47835.patch [PATCH] subparse: Check for NULL return of strchr() when parsing LRC subtitles

Thanks to Antonio Morales for finding and reporting the issue.

Fixes GHSL-2024-263
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3892
Sebastian Dröge <sebastian@centricular.com> no 2024-10-09
id3v2-Don-t-try-parsing-extended-header-if-not-enoug.patch id3v2: Don't try parsing extended header if not enough data is available

Thanks to Antonio Morales for finding and reporting the issue.

Fixes GHSL-2024-235
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3842
Sebastian Dröge <sebastian@centricular.com> no https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/95aabc1976bfe0f3c013b6da033fcd8465078219 2024-09-26
CVE-2025-47806.patch [PATCH] subparse: Make sure that subrip time string is not too long before zero-padding

Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/4419
Fixes CVE-2025-47806
Sebastian Dröge <sebastian@centricular.com> no 2025-05-08
CVE-2025-47807.patch [PATCH] subparse: Check for valid UTF-8 before cleaning up lines and check for regex replace errors

Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/4418
Fixes CVE-2025-47807
Sebastian Dröge <sebastian@centricular.com> no 2025-05-08
CVE-2025-47808.patch [PATCH] tmplayer: Don't append NULL + 1 to the string buffer when parsing lines without text

Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/4417
Fixes CVE-2025-47808
Sebastian Dröge <sebastian@centricular.com> no 2025-05-08
