UbuntuUpdates.org

Package "gstreamer1.0-plugins-good-dbg"

Name: gstreamer1.0-plugins-good-dbg

Description:

GStreamer plugins from the "good" set

Latest version: 1.8.3-1ubuntu0.5
Release: xenial (16.04)
Level: updates
Repository: main
Head package: gst-plugins-good1.0
Homepage: http://gstreamer.freedesktop.org/modules/gst-plugins-good.html

Links


Download "gstreamer1.0-plugins-good-dbg"


Other versions of "gstreamer1.0-plugins-good-dbg" in Xenial

Repository Area Version
base main 1.8.0-1ubuntu1
security main 1.8.3-1ubuntu0.5

Changelog

Version: 1.8.3-1ubuntu0.5 2021-04-28 19:06:25 UTC

  gst-plugins-good1.0 (1.8.3-1ubuntu0.5) xenial-security; urgency=medium

  * SECURITY UPDATE: Use after free
    - debian/patches/CVE-2021-3497.patch: Fix extraction of multichannel WavPack
      in gst/matroska/matroska-demux.c, gst/matroska/matroska-ids.h.
    - CVE-2021-3497

 -- Leonidas Da Silva Barbosa <email address hidden> Thu, 15 Apr 2021 13:46:46 -0300

Source diff to previous version
CVE-2021-3497 GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files.

Version: 1.8.3-1ubuntu0.4 2017-03-27 19:07:07 UTC

  gst-plugins-good1.0 (1.8.3-1ubuntu0.4) xenial-security; urgency=medium

  * SECURITY UPDATE: DoS in gst_aac_parse_sink_setcaps
    - debian/patches/CVE-2016-10198.patch: make sure there's enough data in
      gst/audioparsers/gstaacparse.c.
    - CVE-2016-10198
  * SECURITY UPDATE: DoS in qtdemux_tag_add_str_full
    - debian/patches/CVE-2016-10199.patch: fix out of bounds read in
      gst/isomp4/qtdemux.c.
    - CVE-2016-10199
  * SECURITY UPDATE: DoS in qtdemux_parse_samples
    - debian/patches/CVE-2017-5840.patch: properly increment stts index in
      gst/isomp4/qtdemux.c.
    - CVE-2017-5840
  * SECURITY UPDATE: DoS in gst_avi_demux_parse_ncdt
    - debian/patches/CVE-2017-5841.patch: fix out of bounds reads in
      gst/avi/gstavidemux.c.
    - CVE-2017-5841
  * SECURITY UPDATE: DoS in gst_avi_demux_parse_ncdt
    - debian/patches/CVE-2017-5845.patch: check size in
      gst/avi/gstavidemux.c.
    - CVE-2017-5845

 -- Marc Deslauriers <email address hidden> Thu, 23 Mar 2017 10:23:46 -0400

Source diff to previous version
CVE-2016-1019 Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code
CVE-2017-5840 The qtdemux_parse_samples function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial o
CVE-2017-5841 The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a deni
CVE-2017-5845 The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a deni

Version: 1.8.3-1ubuntu0.3 2017-02-02 19:06:44 UTC

  gst-plugins-good1.0 (1.8.3-1ubuntu0.3) xenial; urgency=medium

  * Rebase on top of security update again.

Source diff to previous version

Version: 1.8.2-1ubuntu0.3 2016-11-28 15:07:18 UTC

  gst-plugins-good1.0 (1.8.2-1ubuntu0.3) xenial-security; urgency=medium

  * SECURITY UPDATE: incomplete fix for flx decoder
    - debian/patches/flxdec-bounds3.patch: don't unref() parent in the
      chain function in gst/flx/gstflxdec.c.
    - debian/patches/flxdec-bounds4.patch: rewrite logic based on
      GstByteReader/Writer in gst/flx/flx_color.c, gst/flx/flx_fmt.h,
      gst/flx/gstflxdec.c, gst/flx/gstflxdec.h.
    - No CVE number

 -- Marc Deslauriers <email address hidden> Fri, 25 Nov 2016 07:51:17 -0500

Source diff to previous version

Version: 1.8.2-1ubuntu0.2 2016-11-22 22:06:50 UTC

  gst-plugins-good1.0 (1.8.2-1ubuntu0.2) xenial-security; urgency=medium

  * SECURITY UPDATE: code execution via out-of-bounds write in flx decoder
    - debian/patches/flxdec-bounds1.patch: add bounds checking to
      gst/flx/gstflxdec.c.
    - debian/patches/flxdec-bounds2.patch: fix compiler warnings in
      gst/flx/gstflxdec.c.
    - No CVE number

 -- Marc Deslauriers <email address hidden> Tue, 22 Nov 2016 08:47:28 -0500




About   -   Send Feedback to @ubuntu_updates