[SECURITY] [DLA 2225-1] gst-plugins-good0.10 security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Package : gst-plugins-good0.10
Version : 0.10.31-3+nmu4+deb8u3
CVE ID : CVE-2016-10198 CVE-2017-5840
Two memory handling issues were found in gst-plugins-good0.10, a
collection of GStreamer plugins from the "good" set:
CVE-2016-10198
An invalid read can be triggered in the aacparse element via a
maliciously crafted file.
CVE-2017-5840
An out of bounds heap read can be triggered in the qtdemux element
via a maliciously crafted file.
For Debian 8 "Jessie", these problems have been fixed in version
0.10.31-3+nmu4+deb8u3.
We recommend that you upgrade your gst-plugins-good0.10 packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl7SgLtfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEeBVA//Q8OPocfVkltxPbtpNvdsmEJNUP9/RcQ9y+NXYJpBAgaOX8EP8iBkremT
6SskAJdYfZAHNrXc6w7EyGJbgrbVMVaozXN8+3CSyd6gN1TupSK6aB40NR531d8o
RmMRdiqKyoxcXhgx2qTXJlYB+YeOyVDLuuNNQGX2vHDNUaZ24LYnTgRJf2s1OJQd
rU0NZCEP+BZ6PM9jcFo+2yeuLw0yWZEMoc25asPiy1wB3aWZuw9Dw7a99jkZ93wc
F8Vf0ExyTFkJkWNgyxI8KjC1pF4uwxpb6NW6850NddBZEglW2Y1zF4zqOhkihUDt
iEhwKZIvvBTwaXhAdO9nvf5uFK0L3A4q/QG2JRhFY4GNY+NsUvJyQg3RcfdSxzJB
yEA8MBAy9TmYXIa06FnJiMbOTV7W8Jc6vbOnTXkv40a0LljSvUmth7bcJ0STx9Qv
WwM2hpzj1JIkulmYhXLMA04EVsLOwL9clSUwvS9+7cqCXZsKYbZyKBTeMZmjMV5T
73OPCo1lbQFBaN8JR0rR5RH1QJLLZnB6bqCRtrQuOjS+bAxESdCCztEjG9QcHV3X
9luSZUDsV4+tTNG3cyIljqHSsOAlZZxTmA5J98Q12qNT1EfEN4iIFuM3HNF83HYb
P9oCMPtzaEfJbMuy3Jj+YSNjZYecSap/dEyc4PcUXyX4BmveFGk=
=Hn4T
-----END PGP SIGNATURE-----
Reply to: