UbuntuUpdates.org

Package "gstreamer1.0-pulseaudio"

Name: gstreamer1.0-pulseaudio

Description:

GStreamer plugin for PulseAudio
Latest version: 1.16.3-0ubuntu1.3
Release: focal (20.04)
Level: security
Repository: main
Head package: gst-plugins-good1.0
Homepage: https://gstreamer.freedesktop.org

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "gstreamer1.0-pulseaudio"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "gstreamer1.0-pulseaudio" in Focal

Repository Area Version
base main 1.16.2-1ubuntu2
updates main 1.16.3-0ubuntu1.3

Changelog

Version: 1.16.3-0ubuntu1.3 2024-12-18 15:06:52 UTC

  gst-plugins-good1.0 (1.16.3-0ubuntu1.3) focal-security; urgency=medium

  * SECURITY UPDATE: Multiple security issues
    - debian/patches/202412-sec*.patch: backport upstream security fix
      commits from 1.24.10.
    - CVE-2024-47537, CVE-2024-47539, CVE-2024-47540, CVE-2024-47543,
      CVE-2024-47544, CVE-2024-47545, CVE-2024-47546, CVE-2024-47596,
      CVE-2024-47597, CVE-2024-47598, CVE-2024-47599, CVE-2024-47601,
      CVE-2024-47602, CVE-2024-47603, CVE-2024-47606, CVE-2024-47613,
      CVE-2024-47774, CVE-2024-47775, CVE-2024-47776, CVE-2024-47777,
      CVE-2024-47778, CVE-2024-47834

 -- Marc Deslauriers <email address hidden> Mon, 16 Dec 2024 13:36:08 -0500
Source diff to previous version
CVE-2024-47537 GStreamer is a library for constructing graphs of media-handling components. The program attempts to reallocate the memory pointed to by stream->samp
CVE-2024-47539 GStreamer is a library for constructing graphs of media-handling components. An out-of-bounds write vulnerability was identified in the convert_to_s3
CVE-2024-47540 GStreamer is a library for constructing graphs of media-handling components. An uninitialized stack variable vulnerability has been identified in the
CVE-2024-47543 GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in qtdemux_parse_container
CVE-2024-47544 GStreamer is a library for constructing graphs of media-handling components. The function qtdemux_parse_sbgp in qtdemux.c is affected by a null deref
CVE-2024-47545 GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in qtdemux_parse_trak function wi
CVE-2024-47546 GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in extract_cc_from_data function
CVE-2024-47596 GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in the qtdemux_parse_svq3_stsd_data func
CVE-2024-47597 GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been detected in the function qtdemux_parse_samples with
CVE-2024-47598 GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in the qtdemux_merge_sampl
CVE-2024-47599 GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_
CVE-2024-47601 GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_
CVE-2024-47602 GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_
CVE-2024-47603 GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_
CVE-2024-47606 GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function qtdemux_parse_the
CVE-2024-47613 GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the vorbis_handle_identific
CVE-2024-47774 GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_avi_subtitle_pa
CVE-2024-47775 GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been found in the parse_ds64 function with
CVE-2024-47776 GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in gst_wavparse_cue_chunk within gstwavp
CVE-2024-47777 GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_wavparse_smpl_c
CVE-2024-47778 GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in gst_wavparse_adtl_chunk
CVE-2024-47834 GStreamer is a library for constructing graphs of media-handling components. An Use-After-Free read vulnerability has been discovered affecting the p

Version: 1.16.3-0ubuntu1.2 2023-08-02 18:07:05 UTC
No changelog available yet.
Source diff to previous version

Version: 1.16.3-0ubuntu1.1 2022-08-08 18:06:26 UTC

  gst-plugins-good1.0 (1.16.3-0ubuntu1.1) focal-security; urgency=medium

  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2022-1920.patch: avoid integer overflow
      resulting in heap corruption in WavPack header handling code
      in gst/matroska/matroska-demux.c.
    - CVE-2022-1920
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2022-1921.patch: fix integer overflow resulting
      in heap corruption in DIB buffer inversion code in
      gst/avi/gstavidemux.c.
    - CVE-2022-1921
  * SECURITY UPDATE: Integer overflows
    - debian/patches/CVE-2022-1922-1923-1924-1925-and-2122.patch: fix
      integer overflows in zblib/bz2/etc decompression code in
      gst/matroska/matroska-read-commnon.c.
    - debian/patches/fix_integer_overflows_in_zlib.patch: fix in
      gst/isomp4/qtdemux.c.
    - CVE-2022-1922
    - CVE-2022-1923
    - CVE-2022-1924
    - CVE-2022-1925
    - CVE-2022-2122

 -- Leonidas Da Silva Barbosa <email address hidden> Tue, 26 Jul 2022 07:23:44 -0300
Source diff to previous version
CVE-2022-1920 Integer overflow in matroskademux element in gst_matroska_demux_add_wvpk_header function which allows a heap overwrite while parsing matroska files.
CVE-2022-1921 Integer overflow in avidemux element in gst_avi_demux_invert function which allows a heap overwrite while parsing avi files. Potential for arbitrary
CVE-2022-1922 DOS / potential heap overwrite in mkv demuxing using zlib decompression. Integer overflow in matroskademux element in gst_matroska_decompress_data fu
CVE-2022-1923 DOS / potential heap overwrite in mkv demuxing using bzip decompression. Integer overflow in matroskademux element in bzip decompression function whi
CVE-2022-1924 DOS / potential heap overwrite in mkv demuxing using lzo decompression. Integer overflow in matroskademux element in lzo decompression function which
CVE-2022-1925 DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP decompression. Integer overflow in matroskaparse element in gst_matroska_decompress_
CVE-2022-2122 DOS / potential heap overwrite in qtdemux using zlib decompression. Integer overflow in qtdemux element in qtdemux_inflate function which causes a se

Version: 1.16.2-1ubuntu2.1 2021-04-28 19:06:34 UTC

  gst-plugins-good1.0 (1.16.2-1ubuntu2.1) focal-security; urgency=medium

  * SECURITY UPDATE: Use after free
    - debian/patches/CVE-2021-3497.patch: Fix extraction of multichannel WavPack
      in gst/matroska/matroska-demux.c, gst/matroska/matroska-ids.h.
    - CVE-2021-3497
  * SECURITY UPDATE: Heap corruption
    - debian/patches/CVE-2021-3498.patch: Initialize track context out parameter to NULL
      before parsing in gst/matroska/matroska-demux.c.
    - CVE-2021-3498

 -- Leonidas Da Silva Barbosa <email address hidden> Thu, 15 Apr 2021 11:49:56 -0300
CVE-2021-3497 GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files.
CVE-2021-3498 GStreamer before 1.18.4 might cause heap corruption when parsing certain malformed Matroska files.


About   -   Send Feedback to @ubuntu_updates