it-securitynotifies AT lists.piratenpartei.de
Betreff: Sicherheitsankündigungen
Listenarchiv
- From: Salvatore Bonaccorso <carnil AT debian.org>
- To: debian-security-announce AT lists.debian.org
- Subject: [IT-SecNots] [SECURITY] [DSA 5533-1] gst-plugins-bad1.0 security update
- Date: Tue, 24 Oct 2023 20:58:56 +0000
- Authentication-results: mail.piratenpartei.de; dkim=none; spf=none (mail.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 82.195.75.100) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"; dmarc=none
- List-archive: https://lists.debian.org/msgid-search/E1qvOUK-00BUyK-1n AT seger.debian.org
- List-id: <debian-security-announce.lists.debian.org>
- List-url: <http://lists.debian.org/debian-security-announce/>
- Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Date:Message-Id:Subject:To:From:Reply-To:Cc:MIME-Version: Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=C+/AlfHwmw91bx2CMp7xp2yBZGKeftfkWuSD7yBmpqs=; b=ZY kdcy80ESzwLCyou6VAWvGZi47mFbC9/JAuB1el2mWQC1JOVcTSoJKzIsujy+6X+RLZBjfqZdsTp24 W82n0bqMQrutxiWfF7WMwEpIbU5yb5jJdlb3pK8iemqvxiaMd3Y9BL/82AExq03ziacP5dGD7IL0B EZ9f5tVA3gM15mBIqmWT4kgtgq+gdRX4+DGzknPYbPar9Vqj9mYRgZvRh11NOvIBjbUnxAGY9eME3 j5y/fLsxooVztsvmNKVdJGhbDq0+XZsRaGPfmG2uMpE5hOhaFo2m+7yfsDlIN9DegoZGd8xKUZgGB QXHRzWjPD0LTB9WLD4P5SLGQaSUkGlmw==;
- Old-return-path: <carnil AT seger.debian.org>
- Priority: urgent
- Resent-date: Tue, 24 Oct 2023 20:59:24 +0000 (UTC)
- Resent-from: debian-security-announce AT lists.debian.org
- Resent-message-id: <gGOG7coW6hJ.A.FrC.sADOlB@bendel>
- Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5533-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
October 24, 2023 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : gst-plugins-bad1.0
CVE ID : CVE-2023-40474 CVE-2023-40475 CVE-2023-40476
Debian Bug : 1053259 1053260 1053261
Multiple vulnerabilities were discovered in plugins for the GStreamer
media framework and its codecs and demuxers, which may result in denial
of service or potentially the execution of arbitrary code if a malformed
media file is opened.
For the oldstable distribution (bullseye), these problems have been fixed
in version 1.18.4-3+deb11u2.
For the stable distribution (bookworm), these problems have been fixed in
version 1.22.0-4+deb12u2.
We recommend that you upgrade your gst-plugins-bad1.0 packages.
For the detailed security status of gst-plugins-bad1.0 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gst-plugins-bad1.0
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmU4L/BfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0TxqQ//eRO99HAGSxBpe+slujteJrf9SkyJBdolvoEvz2ZjbiDVSJlwcGdpeYI+
61ADafQx5L/klbx9FJoiIgRq9OtfzQMAMH3RBhL637EuzFOeQBwBWAQBqs6/MAbi
tiYrFusMxPUsxt8EEBCrDZSCOgyW+HOP2nKnmxsx1LnVvYbdHF15m7hRoj6SKvpG
Kf8oCHzFKG+4iEKzrSPPRjxVe1ao7I1/xzVPvDN6pFibj3wNNBRM+a5KyHpaAcpw
F0V9yT+qYr9FJQEaaIk3rx5JtzNw1KHn8qds8wTZh71mGRI8WkAls8DeKNAE4xtz
SGF/SLAUfKukRdYYk2IKe2zLzcrn/KCq9wcdGLOm2ufKJNeiNZUHIr0GxIf/hPOa
Kh6yauX7CbUPbYlMRvG1ikt5i3uywNoaClyRXv/8viYrZJC8FfW7Q702UrbBzXzc
fkG2jhYXboaZmaMZeX/jXp1tw/GmOvZoPkxQfaf9QHG57ly3gu132dKezzAmXQS8
DHrDFvTqL8QKbS9532YvMsS6/JTMqnoZ6ykcSjgXn1pOedxENxA0xw6S0K9aV4PJ
CR9i3DK7CRe/Sf53IlK6+zhsBgrXce3TU8EOAz9PavICEedVaOSIwnW/uPyxQlNe
omGF2ka6RC4NvK42/i8SioDWNHtVpUYA/L6hhRrLXP2V9hGHznU=
=GYlt
-----END PGP SIGNATURE-----
- [IT-SecNots] [SECURITY] [DSA 5533-1] gst-plugins-bad1.0 security update, Salvatore Bonaccorso, 24.10.2023
Archiv bereitgestellt durch MHonArc 2.6.24.