[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 2225-1] gst-plugins-good0.10 security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : gst-plugins-good0.10
Version        : 0.10.31-3+nmu4+deb8u3
CVE ID         : CVE-2016-10198 CVE-2017-5840


Two memory handling issues were found in gst-plugins-good0.10, a collection of GStreamer plugins from the "good" set:

CVE-2016-10198

    An invalid read can be triggered in the aacparse element via a
    maliciously crafted file.

CVE-2017-5840

    An out of bounds heap read can be triggered in the qtdemux element
    via a maliciously crafted file.


For Debian 8 "Jessie", these problems have been fixed in version
0.10.31-3+nmu4+deb8u3.

We recommend that you upgrade your gst-plugins-good0.10 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl7SgLtfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEeBVA//Q8OPocfVkltxPbtpNvdsmEJNUP9/RcQ9y+NXYJpBAgaOX8EP8iBkremT
6SskAJdYfZAHNrXc6w7EyGJbgrbVMVaozXN8+3CSyd6gN1TupSK6aB40NR531d8o
RmMRdiqKyoxcXhgx2qTXJlYB+YeOyVDLuuNNQGX2vHDNUaZ24LYnTgRJf2s1OJQd
rU0NZCEP+BZ6PM9jcFo+2yeuLw0yWZEMoc25asPiy1wB3aWZuw9Dw7a99jkZ93wc
F8Vf0ExyTFkJkWNgyxI8KjC1pF4uwxpb6NW6850NddBZEglW2Y1zF4zqOhkihUDt
iEhwKZIvvBTwaXhAdO9nvf5uFK0L3A4q/QG2JRhFY4GNY+NsUvJyQg3RcfdSxzJB
yEA8MBAy9TmYXIa06FnJiMbOTV7W8Jc6vbOnTXkv40a0LljSvUmth7bcJ0STx9Qv
WwM2hpzj1JIkulmYhXLMA04EVsLOwL9clSUwvS9+7cqCXZsKYbZyKBTeMZmjMV5T
73OPCo1lbQFBaN8JR0rR5RH1QJLLZnB6bqCRtrQuOjS+bAxESdCCztEjG9QcHV3X
9luSZUDsV4+tTNG3cyIljqHSsOAlZZxTmA5J98Q12qNT1EfEN4iIFuM3HNF83HYb
P9oCMPtzaEfJbMuy3Jj+YSNjZYecSap/dEyc4PcUXyX4BmveFGk=
=Hn4T
-----END PGP SIGNATURE-----


Reply to: