[SECURITY] [DLA 830-1] gst-plugins-bad0.10 security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 830-1] gst-plugins-bad0.10 security update
From: Emilio Pozuelo Monfort <pochu@debian.org>
Date: Sat, 18 Feb 2017 19:25:00 +0100
Message-id: <[🔎] e678c86f-8c72-3c9d-73a1-436fc563c8a8@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : gst-plugins-bad0.10
Version        : 0.10.23-7.1+deb7u5
CVE ID         : CVE-2017-5843 CVE-2017-5848

Some memory management issues were found in the GStreamer "bad" plugins:

CVE-2017-5843

    A use after free issue was found in the mxfdemux element, which can
    can be triggered via a maliciously crafted file.

CVE-2017-5848

    The psdemux was vulnerable to several invalid reads, which could be
    triggered via a maliciously crafted file.

For Debian 7 "Wheezy", these problems have been fixed in version
0.10.23-7.1+deb7u5.

We recommend that you upgrade your gst-plugins-bad0.10 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAliokXwACgkQnUbEiOQ2
gwJmTBAA0IaKn9tM3LTq0ZDIGpQp1LSpv1PwgVwtBxhCkh+LyU7QMkud0e7xxBAr
U03ZU5h2F/8Kqo1tDvrtiKw97X/0EGpJr7YLsge6byl5ribOXRSycNF7vqKcWgZW
KL7AxHcjQH1St8EV60CDQd9h6VImCCvQ2LvcRjS4bNRTquonpcgYpz52cIWAD7G0
u40ba/HzvfHncnXqjN9t5soTgc2zQ+Ulg+D7y70cFd600FK3VbX6SgwFAie1FQRG
X/dSpyBSsP9TLCIiV+FVXZVb8TbDLofu9PTQOIZ4Xf5yphF8mSg07DkYXhbOmKCT
KgxVEPGlQ7w6j6ISAqcmcAIbCPrq8MRhXiPfq93QZn2gJTFkHQQhdkUONw6epltS
+oTy6Qn1Omydw8sGFz/XoDwqdZCkkPlwW9rEVBcDpgVxItUKAVMiYMzLIBGCBb5T
fB1MxRQCWeDsXGZLqcL8I/MteSOxsJP6sOqGcNrZUzXrYzp5CastajLvaHDXt2LH
QeYZnEE9rec7b4EJ56MaqcxwC3RYfQXJACpbojIlu7Idkf/Lz2klGeHOQuqs7oOA
AYLYEyUJOWVITjxJtg/wDOVQLS1MgC/oWOcWILHIzJgh6elI0u4BbBfEp0fObK6y
kWBVM3H3RbcHUe7yhNKyPzX2e7RPS9y/sNIB8L5b8nCJbJwnJYY=
=PSpx
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 829-1] gst-plugins-ugly0.10 security update
Next by Date: [SECURITY] [DLA 831-1] gtk-vnc security update
Previous by thread: [SECURITY] [DLA 829-1] gst-plugins-ugly0.10 security update
Next by thread: [SECURITY] [DLA 831-1] gtk-vnc security update
Index(es):
- Date
- Thread