Debian alert DLA-3503-1 (gst-plugins-bad1.0)

From:
             
 
Thorsten Alteholz <debian@alteholz.de>
To:
             
 
debian-lts-announce@lists.debian.org
Subject:
             
 
[SECURITY] [DLA 3503-1] gst-plugins-bad1.0 security update
Date:
             
 
Tue, 25 Jul 2023 17:07:33 +0000
Message-ID:
             
 
<alpine.DEB.2.21.2307251705580.31280@postfach.intern.alteholz.me>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3503-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
July 25, 2023                                 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : gst-plugins-bad1.0
Version        : 1.14.4-1+deb10u3
CVE ID         : CVE-2023-37329


Multiple multiple vulnerabilities were discovered in plugins for the 
GStreamer media framework and its codecs and demuxers, which may result in 
denial of service or potentially the execution of arbitrary code if a 
malformed media file is opened.


For Debian 10 buster, this problem has been fixed in version 
1.14.4-1+deb10u3.

We recommend that you upgrade your gst-plugins-bad1.0 packages.

For the detailed security status of gst-plugins-bad1.0 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gst-plugins-bad1.0

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmTAAVVfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEdpBA/+Jd7HNv1uhKPtDnJuF6yXgbTap9Wq3sRyZZJG/L4RrIbqpj+uymN856aj
9WPyXK0NMSYXXRBmPYH4GESPSJDq3hdMYCmldoi4EiykasnFZGq/DKo63uQEJs/n
ubiSC/bSVNKKGZkz37DPKF6FMfU0QbH0QlMWIWV/DRXyyGBUBISVDyUGnB6HH9pB
OXjmU+bi7l/uU0rc8uZ/2kQTuBJhRq5u0jyA7h+i0i3/Bs2ewP2JbcJv2vxfXc47
Y8VfMYFQ5xMneWGX278ty+UqcTEVbx6wXxr09FA4XvEdAcicX79mhpYOpWdyfkKi
J05ochzc0A/oOmyC8bBk3/73ugDfC39zgfmXhZa3sB5fjuLMaqfdGix5vVvMSFfZ
YIY9KXn9eKkNYS7zAV762gpH+gWj280blL/tI/k5T5JiZPU7k4QSSyN0sH5Ber41
yrbLpuah6QaXY6bFKKfdLyog02F9TsLQ/b69EqaH53kLhN/VDtGJcYXrR9JYMS3i
Wd9l1puAH4uDyoC3Lc5t/0xCRkG3zwoWikJay7SfhjOYazhHue7Ctx/cTIJVlJ9X
40uoWdvQB19crgGjun7nVaU5xm/ow3PCZBi871hWhTt8S1iRfVl7LNHXTmuxxlne
yBVUCQrghvu5fjG5SmlUmqkH9c33KE+zjoaffp5C/C5t1ZlY5VU=
=wPln
-----END PGP SIGNATURE-----