Your message dated Sat, 28 Oct 2023 20:32:49 +0000
with message-id <e1qwpzf-000zjk...@fasolo.debian.org>
and subject line Bug#1053261: fixed in gst-plugins-bad1.0 1.22.0-4+deb12u2
has caused the Debian Bug report #1053261,
regarding gst-plugins-bad1.0: CVE-2023-40474
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1053261: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053261
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: gst-plugins-bad1.0
Version: 1.22.4-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,
The following vulnerability was published for gst-plugins-bad1.0.
CVE-2023-40474[0]:
| Integer overflow leading to heap overwrite in MXF file handling with
| uncompressed video
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-40474
https://www.cve.org/CVERecord?id=CVE-2023-40474
[1] https://gstreamer.freedesktop.org/security/sa-2023-0006.html
[2] https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/ce17e968e4cf900d28ca5b46f6e095febc42b4f0
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: gst-plugins-bad1.0
Source-Version: 1.22.0-4+deb12u2
Done: Salvatore Bonaccorso <car...@debian.org>
We believe that the bug you reported is fixed in the latest version of
gst-plugins-bad1.0, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1053...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated
gst-plugins-bad1.0 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 07 Oct 2023 21:51:02 +0200
Source: gst-plugins-bad1.0
Architecture: source
Version: 1.22.0-4+deb12u2
Distribution: bookworm-security
Urgency: high
Maintainer: Maintainers of GStreamer packages <gst-plugins-bad...@packages.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 1053259 1053260 1053261
Changes:
 gst-plugins-bad1.0 (1.22.0-4+deb12u2) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * h265parser: Fix possible overflow using max_sub_layers_minus1
     (CVE-2023-40476) (Closes: #1053259)
   * mxfdemux: Fix integer overflow causing out of bounds writes when handling
     invalid uncompressed video (CVE-2023-40474) (Closes: #1053261)
   * mxfdemux: Check number of channels for AES3 audio (CVE-2023-40475)
     (Closes: #1053260)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---