Your message dated Wed, 13 Dec 2023 07:02:34 +0000 with message-id <e1rdjgm-009x6k...@fasolo.debian.org> and subject line Bug#1056102: fixed in gst-plugins-bad1.0 1.18.4-3+deb11u3 has caused the Debian Bug report #1056102, regarding gst-plugins-bad1.0: CVE-2023-44429: AV1 codec parser buffer overflow to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1056102: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056102 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: gst-plugins-bad1.0 Version: 1.22.4-1 Severity: grave Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Hi, The following vulnerability was published for gst-plugins-bad1.0. CVE-2023-44429[0]: | AV1 codec parser buffer overflow If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-44429 https://www.cve.org/CVERecord?id=CVE-2023-44429 [1] https://gstreamer.freedesktop.org/security/sa-2023-0009.html [2] https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/b76a801f57353b893c344025cac56413140fca6d Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: gst-plugins-bad1.0 Source-Version: 1.18.4-3+deb11u3 Done: Salvatore Bonaccorso <car...@debian.org> We believe that the bug you reported is fixed in the latest version of gst-plugins-bad1.0, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1056...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated gst-plugins-bad1.0 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 21 Nov 2023 20:33:07 +0100 Source: gst-plugins-bad1.0 Architecture: source Version: 1.18.4-3+deb11u3 Distribution: bullseye-security Urgency: high Maintainer: Maintainers of GStreamer packages <gst-plugins-bad...@packages.debian.org> Changed-By: Salvatore Bonaccorso <car...@debian.org> Closes: 1056101 1056102 Changes: gst-plugins-bad1.0 (1.18.4-3+deb11u3) bullseye-security; urgency=high . * Non-maintainer upload by the Security Team. * codecparsers: av1: Clip max tile rows and cols values (CVE-2023-44429) (Closes: #1056102) * mxfdemux: Store GstMXFDemuxEssenceTrack in their own fixed allocation (CVE-2023-44446) (Closes: #1056101) Checksums-Sha1: 27641d9eaef46903952106896d14c2c32ba2a4e2 5791 gst-plugins-bad1.0_1.18.4-3+deb11u3.dsc 93f3bf57842d7fa3d5e369de34679cb4f284deb6 37308 gst-plugins-bad1.0_1.18.4-3+deb11u3.debian.tar.xz e3cc4da36ee77c610a95a85eee1d77c7d0002c47 7460 gst-plugins-bad1.0_1.18.4-3+deb11u3_source.buildinfo Checksums-Sha256: d0bdabaa255f65ef06e7fb737c179ae8e4e3003812c7d1af1710f025f63b02c8 5791 gst-plugins-bad1.0_1.18.4-3+deb11u3.dsc 013275e3ce4a6e31b6c50bfbaf81c937dc54fca20b9e652a87cc9bd965ad841d 37308 gst-plugins-bad1.0_1.18.4-3+deb11u3.debian.tar.xz a05ab4d280d4e0dde4962da9d35c5fcd6164deae4c436e6209a54dfbf0e73972 7460 gst-plugins-bad1.0_1.18.4-3+deb11u3_source.buildinfo Files: 81a0b66d6c429ea09ab7d26f4bc90532 5791 libs optional gst-plugins-bad1.0_1.18.4-3+deb11u3.dsc df84a4c357284ef44ecce9346e5ade0f 37308 libs optional gst-plugins-bad1.0_1.18.4-3+deb11u3.debian.tar.xz d5376c3c77c62dbe78e2261c46ba0be4 7460 libs optional gst-plugins-bad1.0_1.18.4-3+deb11u3_source.buildinfo -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmVdBiZfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89EfiAP/jVIBaFEllnmjap6N4xZ/HAXsmRy+FSw RUL9F+AyM+cZGKczxyagBM8raALmGW4JhO+jOf3f7ASaINtnhFXrKiBXcVP6Sjq0 D6ONa7qPew6pPALPTFfBVvLil+DN82rs8tog0RxiG0FawilwVnVvzImILVgHiBvW 8HUL4yJjdwzB4vgltb1HHsb5caSi1mdVBr3JD+KCO2aaUYx5pOJcLarVrWyrJo2W RjHvUixmvTNT44/0iYSCmxaE3hEhSoBHMg7YVOc5SZCqYcxc2dsPJQeqqhQxxnvC +rmKxOBOrxhgFE2AcYudgcWUD7EKFlZgDAb6JH8C6nP13+mIT2+4PjK9YRKn95Tc k9EARtGqwU/eXaFRVU5B6BYfjNRJYLm6dH23BmoC/XyhqlYY482dUAXal8EeUhz7 Gj1rv/wTIKLlwfw5TrHw3k/bcVzHb1hwYGBEJeWRvnKu8dAwJkdZgs3ToJZiILgU 3TvrJCTFdfYXYbdP2qctzFQCgq0nkwE5V5FJzesklyrGlToEZPM+F4BvkJVJ/SEX o0rP/Nu6GKm0iza2Baptbsj+YeiKCxu3ffYIE0arvtAg70q2QH4rKTHkitMPGVgQ oinz7QYp0p7Qk0Dca/eBTiL3fWJXVO9sY9xhF8BOHz1NE1PCUB4hpbqXQGEnfYvb HbiR50n2VdwU =yaG1 -----END PGP SIGNATURE-----
--- End Message ---
