Your message dated Wed, 29 Nov 2023 20:34:55 +0000
with message-id <e1r8rgp-003ilh...@fasolo.debian.org>
and subject line Bug#1056101: fixed in gst-plugins-bad1.0 1.22.0-4+deb12u3
has caused the Debian Bug report #1056101,
regarding gst-plugins-bad1.0: CVE-2023-44446: MXF demuxer use-after-free
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1056101: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056101
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: gst-plugins-bad1.0
Version: 1.22.4-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,
The following vulnerability was published for gst-plugins-bad1.0.
CVE-2023-44446[0]:
| MXF demuxer use-after-free
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-44446
https://www.cve.org/CVERecord?id=CVE-2023-44446
[1] https://gstreamer.freedesktop.org/security/sa-2023-0010.html
[2] https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5635
[3] https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/7dfaa57b6f9b55f17ffe824bd8988bb71ae11353
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: gst-plugins-bad1.0
Source-Version: 1.22.0-4+deb12u3
Done: Salvatore Bonaccorso <car...@debian.org>
We believe that the bug you reported is fixed in the latest version of
gst-plugins-bad1.0, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1056...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated
gst-plugins-bad1.0 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 17 Nov 2023 22:47:49 +0100
Source: gst-plugins-bad1.0
Architecture: source
Version: 1.22.0-4+deb12u3
Distribution: bookworm-security
Urgency: high
Maintainer: Maintainers of GStreamer packages <gst-plugins-bad...@packages.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 1056101 1056102
Changes:
 gst-plugins-bad1.0 (1.22.0-4+deb12u3) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * codecparsers: av1: Clip max tile rows and cols values (CVE-2023-44429)
     (Closes: #1056102)
   * mxfdemux: Store GstMXFDemuxEssenceTrack in their own fixed allocation
     (CVE-2023-44446) (Closes: #1056101)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---