Your message dated Sat, 04 Nov 2023 12:48:11 +0000
with message-id <e1qzg4r-001ii0...@fasolo.debian.org>
and subject line Bug#1053261: fixed in gst-plugins-bad1.0 1.18.4-3+deb11u2
has caused the Debian Bug report #1053261,
regarding gst-plugins-bad1.0: CVE-2023-40474
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1053261: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053261
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: gst-plugins-bad1.0
Version: 1.22.4-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,
The following vulnerability was published for gst-plugins-bad1.0.
CVE-2023-40474[0]:
| Integer overflow leading to heap overwrite in MXF file handling with
| uncompressed video
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-40474
https://www.cve.org/CVERecord?id=CVE-2023-40474
[1] https://gstreamer.freedesktop.org/security/sa-2023-0006.html
[2] https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/ce17e968e4cf900d28ca5b46f6e095febc42b4f0
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: gst-plugins-bad1.0
Source-Version: 1.18.4-3+deb11u2
Done: Salvatore Bonaccorso <car...@debian.org>
We believe that the bug you reported is fixed in the latest version of
gst-plugins-bad1.0, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1053...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated
gst-plugins-bad1.0 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 07 Oct 2023 22:34:42 +0200
Source: gst-plugins-bad1.0
Architecture: source
Version: 1.18.4-3+deb11u2
Distribution: bullseye-security
Urgency: high
Maintainer: Maintainers of GStreamer packages <gst-plugins-bad...@packages.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 1053259 1053260 1053261
Changes:
gst-plugins-bad1.0 (1.18.4-3+deb11u2) bullseye-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* h265parser: Fix possible overflow using max_sub_layers_minus1
(CVE-2023-40476) (Closes: #1053259)
* mxfdemux: Fix integer overflow causing out of bounds writes when handling
invalid uncompressed video (CVE-2023-40474) (Closes: #1053261)
* mxfdemux: Check number of channels for AES3 audio (CVE-2023-40475)
(Closes: #1053260)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---