Your message dated Wed, 29 Nov 2023 00:49:23 +0000
with message-id <e1r88lx-00gbqv...@fasolo.debian.org>
and subject line Bug#1053261: fixed in gst-plugins-bad1.0 1.22.7-1
has caused the Debian Bug report #1053261,
regarding gst-plugins-bad1.0: CVE-2023-40474
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1053261: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053261
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: gst-plugins-bad1.0
Version: 1.22.4-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,
The following vulnerability was published for gst-plugins-bad1.0.
CVE-2023-40474[0]:
| Integer overflow leading to heap overwrite in MXF file handling with
| uncompressed video
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-40474
https://www.cve.org/CVERecord?id=CVE-2023-40474
[1] https://gstreamer.freedesktop.org/security/sa-2023-0006.html
[2] https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/ce17e968e4cf900d28ca5b46f6e095febc42b4f0
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: gst-plugins-bad1.0
Source-Version: 1.22.7-1
Done: Jeremy Bícha <jbi...@ubuntu.com>
We believe that the bug you reported is fixed in the latest version of
gst-plugins-bad1.0, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1053...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jeremy Bícha <jbi...@ubuntu.com> (supplier of updated gst-plugins-bad1.0
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 28 Nov 2023 19:29:13 -0500
Source: gst-plugins-bad1.0
Built-For-Profiles: noudeb
Architecture: source
Version: 1.22.7-1
Distribution: unstable
Urgency: high
Maintainer: Maintainers of GStreamer packages <gst-plugins-bad...@packages.debian.org>
Changed-By: Jeremy Bícha <jbi...@ubuntu.com>
Closes: 1053259 1053260 1053261 1054382 1056101 1056102
Changes:
gst-plugins-bad1.0 (1.22.7-1) unstable; urgency=high
.
* Team upload
* New upstream release
(Closes: #1056101, #1056102, #1053259, #1053260, #1053261)
- CVE-2023-40474: integer overflow in MXF file handling
- CVE-2023-40475: integer overflow in MXF file handling
- CVE-2023-40476: integer overflow in H.265 video parser
- CVE-2023-44429: AV1 codec parser buffer overflow
- CVE-2023-44446: MXF demuxer use-after-free
* Update libzxing-dev Build-Depends (Closes: #1054382)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---