[SECURITY] [DLA 2126-1] gst-plugins-base0.10 security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2126-1] gst-plugins-base0.10 security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Fri, 28 Feb 2020 23:32:53 +0100 (CET)
Message-id: <[🔎] alpine.DEB.2.20.2002282329210.6110@jupiter.server.alteholz.net>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : gst-plugins-base0.10
Version        : 0.10.36-2+deb8u2
CVE ID         : CVE-2016-9811 CVE-2017-5837 CVE-2017-5844

Some isses have been found in gst-plugins-base0.10, a package thatprovides GStreamer plugins from the "base" set.All issues are related to crafted ico-files that could result in anout-of-bounds read or crafted video- and ASDF-files that could producefloating point exceptions, which could cause a denial of service.



For Debian 8 "Jessie", these problems have been fixed in version
0.10.36-2+deb8u2.

We recommend that you upgrade your gst-plugins-base0.10 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl5ZlRVfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEfumQ//ZK3RtlrBWVfwGjgvsPpHntuGL5D78zahPnrQoQoHQX0ckQV9G9i2CHie
g2JepWJi/n5hciepAnRlPNf89ve1A+bR1JQ38x2fG55Jr9EzkCLKfk3PzN67T+5z
xkiszboALkwdysefmb6iFU4w5iJwBXjzmHTRfUXgJ8iw/yv5mlK1DiNO8YuxWiBt
C0+5CutSFC2lGz+WFc61DT3C1e/ztUFNKCN4iZ0JE+5L9yjTkzMySX4XnppfJmc4
pFwUv/XRj1XXC3CdpxIb0FCgjJMEEc0J2UNHH14zmOxNN9RSaTeIc44qCSvwM90T
+nixl/ZFw2RkH6cVJ3XPe1lo1xkzgGVy/H1pSqRZAlejMqjdyuZXZ1jLyW42RQ4V
pH9YKlBDM874vaTmavgEZZlav4t6CjUMtlacfJDPmfjzJ5T0dMacLcMDs5VK/hB3
nzJnvzNC6+QGOLgd2fqjfSbB1ziWB8veygHex8WZxcXFLSfwJNaubWR2xU84V9ln
mL7kkh2Hzs9LAn+6Jw1bk1lzRMXoZ0Dk5w8CKdOlMH5PmklNxwGQtv7Z8GEHxweW
h2rQNVhkcOEe7sXewtE97bc+KVsTrr5qHqhCMr+e4EY73sOWOmoJpaY3YaoeDrAR
jjKguKUD2yYjnVwAGVhy/hSekIoDN+Bv1xuAV3BrGhV3RQm3BDE=
=oaww
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2125-1] collabtive security update
Next by Date: [SECURITY] [DLA 2127-1] dojo security update
Previous by thread: [SECURITY] [DLA 2125-1] collabtive security update
Next by thread: [SECURITY] [DLA 2127-1] dojo security update
Index(es):
- Date
- Thread