it-securitynotifies AT lists.piratenpartei.de
Betreff: Sicherheitsankündigungen
Listenarchiv
- From: Moritz Muehlenhoff <jmm AT debian.org>
- To: debian-security-announce AT lists.debian.org
- Subject: [IT-SecNots] [SECURITY] [DSA 5941-1] gst-plugins-bad1.0 security update
- Date: Wed, 11 Jun 2025 18:56:41 +0000
- Authentication-results: lists.piratenpartei.de; dkim=none; spf=none (lists.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 82.195.75.100) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"; dmarc=none
- List-archive: https://lists.debian.org/msgid-search/aEnRaQMFkRiAloQS AT seger.debian.org
- List-id: <debian-security-announce.lists.debian.org>
- List-url: <http://lists.debian.org/debian-security-announce/>
- Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From:Date :Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=CKqYMsH0hmZFD1+xsO4Mf46rV66JzkskFHI+EenqyJ4=; b=dr ligtrhrv4lcGafQt/vKCeBo5C+vFPHEUKrH/rInfyIlBtyxJcob3GVtq45jwUXHRK9Ae2K218u4T1 FUpB6aa75GJPvPiGZnQKZzPVH8LESUqBuWf4JUX1ESxmmeJOsWxgG/Z6aT60KOROuJYHg/8FdVchS Uik38VEBILT9u636khojEWaap01mdCeOq8t08kMuvko420qzdSnzHwxVkEwZ2l1Rj+UbJ8FeQqR16 veKTjV8n6MoV3pmsBgut21YkZ0U2pv4ZiTw3nEesAxUwyVM2uFFyuacNWa7qipPyWyjbSzSUnusUe xavc47TAOMpsoNouUGTny9ZCCtSHz8NQ==;
- Old-return-path: <jmm AT seger.debian.org>
- Priority: urgent
- Resent-date: Wed, 11 Jun 2025 18:57:06 +0000 (UTC)
- Resent-from: debian-security-announce AT lists.debian.org
- Resent-message-id: <-X5X0sd2sEB.A.-ZbC.CGdSoB@bendel>
- Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5941-1 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
June 11, 2025 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : gst-plugins-bad1.0
CVE ID : CVE-2025-3887
Multiple vulnerabilities were discovered in the H.265 plugin for the
GStreamer media framework, which may result in denial of service or
potentially the execution of arbitrary code if a malformed media file
is opened.
For the stable distribution (bookworm), this problem has been fixed in
version 1.22.0-4+deb12u6.
We recommend that you upgrade your gst-plugins-bad1.0 packages.
For the detailed security status of gst-plugins-bad1.0 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gst-plugins-bad1.0
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmhJ0UkACgkQEMKTtsN8
TjZ7mQ//QQkdG8FsO/Cx6+DcQcgY5Ybt4FHCTNt7M8YpGBBW8NhwEVjYXtBwfaHj
WBuo2fEX+ME4+RLw2YGVGWqdCN5VsOMDgokJTJsw2IYdyBgM4UBjcrT05a7vwS96
tdGBmsFF3GkM25CbnaYwXvSrxhycsjBRRuA41B5hg7c8/jHp6mC/M8Dc12gUsuAr
xnFsSQaIzZtCZcE1lGXWkB34pDX7x8+etrQlT9N2c5LGg0YsxwyXgD+5ni6YoHYE
YqRqwZk4QyQ5/R5HAb1RiH7oKkELmgSnP+orLrUANditcAnIRPZ7gI1vDADDAk5f
C4cCwaSx7YBxySU5m7M3tiMKOTsHez4NMnTt4SgRJg/1++acx7CIIH7APd4lCia9
TO+CJSjokfcKvG2A8IDFiVO0qc3/1F/5xGSc6bpjqOVytcRNg8L8nJaJtBRBH1hV
idrw2SY5xJoTXLgM5gOyTCiJ/oKHF/cDWuXTEufg7KO2COXuj9tpN4oGf+7/7OIH
ls/xyMv+YgvvShOj8bofEBQHkjSHQfho0b4lK97N8Ko/C7vUp5EdSI5+mu522zpN
yBOPCFKGHLKJYH6Jx0kLXQG2lBKh1Oe+2Yw8EiFkBLm12QMdc/oCZoardLXwl8sJ
4tg7MLuWmVA0BKB4VUSclAm7kMkAvQ0DAQeloumMgPEP5p/L4zw=
=fj/F
-----END PGP SIGNATURE-----
- [IT-SecNots] [SECURITY] [DSA 5941-1] gst-plugins-bad1.0 security update, Moritz Muehlenhoff, 11.06.2025
Archiv bereitgestellt durch MHonArc 2.6.19+.