it-securitynotifies AT lists.piratenpartei.de
Betreff: Sicherheitsankündigungen
Listenarchiv
- From: Salvatore Bonaccorso <carnil AT debian.org>
- To: debian-security-announce AT lists.debian.org
- Subject: [IT-SecNots] [SECURITY] [DSA 5702-1] gst-plugins-base1.0 security update
- Date: Sat, 01 Jun 2024 07:20:41 +0000
- List-archive: https://lists.debian.org/msgid-search/E1sDJ2f-009U2A-FU AT seger.debian.org
- List-id: <debian-security-announce.lists.debian.org>
- List-url: <http://lists.debian.org/debian-security-announce/>
- Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Date:Message-Id:Subject:To:From:Reply-To:Cc:MIME-Version: Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=XxuxseZUkYodGCOU6SoRteaylKY46nHpEgeUukgOOho=; b=Dp HLxlZHbdx9HrTXnJyYEQRyI93RjNRR2ThQgJJw1TvsRXKxVS6jQNIlHhjFxoKo8CwkzwFDFcKSYWh hzmIfRASHqhla2renB35cqH1gZ6PBqQmacImsgFB4JWnvrsmaaUoXfT8r6VwHQos8gWdyvW/NoZbF 1igQenOFP7y84MxhB44nU3LBfTE58LpZvkQLrwGhqWMC0SsDY5M1GX2cmJtssKcFTgsxtZ3LccqYJ eZFqjzr+V7xONpeZGyisOpkvnEAZKUOG7sxHfXcYm6hNZdJ2uzoZA4w4LaeOu451RC55/T3BJPyFL r2+lBRZQQJelaGp2HfMbrvp0Bc95DuKQ==;
- Old-return-path: <carnil AT seger.debian.org>
- Priority: urgent
- Resent-date: Sat, 1 Jun 2024 07:21:04 +0000 (UTC)
- Resent-from: debian-security-announce AT lists.debian.org
- Resent-message-id: <FLbarJrIIcG.A.KiZM.gvsWmB@bendel>
- Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5702-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
June 01, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : gst-plugins-base1.0
CVE ID : CVE-2024-4453
An integer overflow in the EXIF metadata parsing was discovered in the
GStreamer media framework, which may result in denial of service or
potentially the execution of arbitrary code if a malformed file is
processed.
For the oldstable distribution (bullseye), this problem has been fixed
in version 1.18.4-2+deb11u2.
For the stable distribution (bookworm), this problem has been fixed in
version 1.22.0-3+deb12u2.
We recommend that you upgrade your gst-plugins-base1.0 packages.
For the detailed security status of gst-plugins-base1.0 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gst-plugins-base1.0
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmZay4pfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0RlARAAmIfIncL6OtrDoqmsIdVoAhc3ouI+X6X+GdkTellF4MUxo5e5t7L4AwNC
SxLAHqbqEgYRicB4pn6gv8AMBzN1Sn/8i3l8V74Eh93IVaId11hbXPEY4YUM3/Md
bHQNf8HYkBxfB0PbkuuIWiZpxRTbI9eyo0TwzzF4r74J2032k3hH5hHA+dbO8RiU
l//tv3WYpimyL6xrtxM7duws9r3iloEgUNHC2igJVZ0VRnYfmhIF23euzbcCbOal
pufHn7DR5CSbp0y2DMDIjwOu14ZJSvvgKzr1knH2t/zW2TuHnVwbDoSP1KBvpcqe
8kaSKcIJZoetxsIv/5wNoVj2IikDUomFO02QPGXIEuMrzYc7ZkX8JC4/+6dgRzKX
gFzPXuAU7gHtcmLLfIRnMkg5FVsbJfSUXDaL5tTW5YZ8aSoBUMHn/dNzfJXGn2oE
0nVce4cf0JpeTwMFYs9xT7xn0XCU8CggUjODGY11jGowPpgOXnLO3y08tx6iJ34M
QPcFSbhFkrRCgWXEhLTF9N0xpnmiYM0VanA3m2zJlBacotOfEG3ipeRrHylMTUun
9ATrxXWvVNY5hSSB7eK9X6RBSvRdtDPzJ5gzbk3zlH7MKIIyx6CiI+Zx51I292K3
6kmi9zmyFBZgnBzPX2Eigp0bNNZlRwOlOFYKwClcdsgO5yvaxX4=
=f9Uv
-----END PGP SIGNATURE-----
- [IT-SecNots] [SECURITY] [DSA 5702-1] gst-plugins-base1.0 security update, Salvatore Bonaccorso, 01.06.2024
Archiv bereitgestellt durch MHonArc 2.6.19+.