Univention Bugzilla – Bug 53208
gst-plugins-base1.0: Multiple issues (4.4)
Last modified: 2021-05-05 17:11:39 CEST
New Debian gst-plugins-base1.0 1.10.4-1+deb9u2 fixes: This update addresses the following issue: * 1.10.4-1+deb9u2 (Mon, 26 Apr 2021 12:23:17 +0200) * d/p/0001-tag-id3v2-fix-frame-size-check-and-potential-invalid-reads.patch: + Add upstream patch for fixing invalid reads during ID3v2 tag parsing that can lead to application crashes. * 1.10.4-1+deb9u2 (Mon, 26 Apr 2021 12:23:17 +0200) * d/p/0001-tag-id3v2-fix-frame-size-check-and-potential-invalid-reads.patch: + Add upstream patch for fixing invalid reads during ID3v2 tag parsing that can lead to application crashes. * out-of-bounds read when handling certain ID3v2 tags (CVE-2021-3522)
--- mirror/ftp/4.4/unmaintained/4.4-1/source/gst-plugins-base1.0_1.10.4-1+deb9u1.dsc +++ apt/ucs_4.4-0-errata4.4-8/source/gst-plugins-base1.0_1.10.4-1+deb9u2.dsc @@ -1,3 +1,9 @@ +1.10.4-1+deb9u2 [Mon, 26 Apr 2021 12:23:17 +0200] Emilio Pozuelo Monfort <pochu@debian.org>: + + * d/p/0001-tag-id3v2-fix-frame-size-check-and-potential-invalid-reads.patch: + + Add upstream patch for fixing invalid reads during ID3v2 tag parsing + that can lead to application crashes. + 1.10.4-1+deb9u1 [Mon, 29 Apr 2019 00:17:39 +0200] Moritz Mühlenhoff <jmm@debian.org>: * CVE-2019-9928 (Closes: #927978) <http://piuparts.knut.univention.de/4.4-8/#6809401414047633247>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.4-8] d4eff08ec1 Bug #53208: gst-plugins-base1.0 1.10.4-1+deb9u2 doc/errata/staging/gst-plugins-base1.0.yaml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x968>