[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 828-1] gst-plugins-good0.10 security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : gst-plugins-good0.10
Version        : 0.10.31-3+nmu1+deb7u2
CVE ID         : CVE-2016-10198 CVE-2017-5840

Two memory handling issues were found in gst-plugins-good0.10:

CVE-2016-10198

    An invalid read can be triggered in the aacparse element via a
    maliciously crafted file.

CVE-2017-5840

    An out of bounds heap read can be triggered in the qtdemux element
    via a maliciously crafted file.

For Debian 7 "Wheezy", these problems have been fixed in version
0.10.31-3+nmu1+deb7u2.

We recommend that you upgrade your gst-plugins-good0.10 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAliokTcACgkQnUbEiOQ2
gwJfxhAAyqi+x+/Cl0U6Wvr11znOT5bu7F3gzcpgXMTqGwDWS/inbLfDZMDNl5Dm
zSLDzMKnYYlxaRr7p7Vr8uG2qvaIhtpG/1j9L25w+32TO9Yc+41g0q1siEvetq97
XCx+ywVJAE9zGZxp+1bAQZMTsTAcdylMYXaqNzvPyJXBjZyKrGz6bxIjrUsrk0Qp
oUck05c/a51/n+8fb+RGYTVZ/ftYfZ8y/MIi/DzgH0rZzzIqLyhIkJLA+LmW0EOZ
MYWkOE1P79wdysXzbgZ1HjlBcDe4J92SjOd+VKoNqIAB/8i9bQs8KKVPM6kpkC8u
wY9zeJnDJnqwfOYfVfrLaZ9RaLBfXbWEhVf0UKmaiL9xA/1GDub1MtdVwwD3qwVE
sqplamHLsVwKuI291Psod1b3SDKIwEBhg8bo6o58zKR2upO0RvaJNBSqkW37dA1R
Fil7uEF68CS+auTz5JUcbB8AmJ1G4UQLuTS/jq8iNIKq/t/D+HYiYf8YbYsnKdua
0zk6FlALP3zqPBsT+iX9RVQ+fkNpNbA0pNzQNrXb2djpeDh8JOBBktaTCCjvIckt
K65s9IMIs5AgZlCtOPCpv2MhARDHKDCJIzHNczL1F1cvMBgC87VygwFni9ai0Z3y
xlRNaxjOXNTyjpiGpnwXHCiL7zg2cSkjaFIEgRR/GE4wYxc1BzA=
=KchM
-----END PGP SIGNATURE-----


Reply to: