-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5832-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso December 16, 2024 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : gstreamer1.0 CVE ID : CVE-2024-47606 Antonio Morales reported an integer overflow vulnerability in the memory allocator in the Core GStreamer libraries, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is processed. For the stable distribution (bookworm), this problem has been fixed in version 1.22.0-2+deb12u1. We recommend that you upgrade your gstreamer1.0 packages. For the detailed security status of gstreamer1.0 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/gstreamer1.0 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmdgXTJfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0THQg/+LPHyqH/H3o26N1DD/ENPemJdmCdoSqT9zSuprpRAYfJBHus2FBm2lPn/ ra0T5Jjr5s2h76bzZS6K3CvGuf/iFAsPpymsPzyleccniCiCN71V9soEx1Tw5ciJ k6bE3Fg4efyWaDFyBMbYdNTTr2aamLAWdRoFk3Y7Ij+w5IMSlTSh1m9aUbOEGngC aiVLM9DHScs4DjRcbBRcxRF3Qk9Dq4Rx7oIZLqdV/crW1x9L0WjOi15KJueRi2kj BCdsEd0SUXRxFQ+xNJlrDFGxBGxjjktMyXvVzzC55jeRC3qMzAQ8ly32BTqdcBgn 3hO0p1wbYjXb0lHuV2VqClrutQjD8gbJj/Y8LmmzlBIvKd7D3ZoFFOI3S8baeewu p06fnzvvjjeIWZ+2Uh/BXeSb0606L2Rum0Bhc22mkwbWCDHmvBaQ6+r0vsZzXsVz Y4gGRZ/8uQWeYilM/WiRDRdWADdaRK436BHKW8Ta62ptuHqyxECcuUeck2ZD5C1Y yQWkik7vaFm061Qold5s1pj/2BE1Jcq1XTBba0uUdyb85j01miceWBifTmKOfxBo WOXY3x5cneoRQWcOrqHZ1llf8CMC6lMnyoT1uDd0+G1mjmIw/zylNEX7DX6J66FA GxZggfQDM46W2WgGKdHSZFH5w+al7BVFuq5xN1Ys4mPy8DRnkxw= =zNVC -----END PGP SIGNATURE-----