-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5838-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
December 29, 2024                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : gst-plugins-good1.0
CVE ID         : CVE-2024-47537 CVE-2024-47539 CVE-2024-47540 CVE-2024-47543
                 CVE-2024-47544 CVE-2024-47545 CVE-2024-47546 CVE-2024-47596
                 CVE-2024-47597 CVE-2024-47598 CVE-2024-47599 CVE-2024-47601
                 CVE-2024-47602 CVE-2024-47603 CVE-2024-47606 CVE-2024-47613
                 CVE-2024-47774 CVE-2024-47775 CVE-2024-47776 CVE-2024-47777
                 CVE-2024-47778 CVE-2024-47834

Multiple vulnerabilities were discovered in plugins for the GStreamer
media framework and its codecs and demuxers, which may result in denial
of service or potentially the execution of arbitrary code if a malformed
media file is opened.

For the stable distribution (bookworm), these problems have been fixed in
version 1.22.0-5+deb12u2.

We recommend that you upgrade your gst-plugins-good1.0 packages.

For the detailed security status of gst-plugins-good1.0 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gst-plugins-good1.0

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmdxagdfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0SenhAAjN0+brtUrgM1yPzovrZ3liOBb8QunZ1eSd1gOibK2qfzRGSJy5iMWui3
mAkbYvRJ2B9IWylP+jb3ELcZu1hS1QLcBvMhvRXhmzyusfDcxIuyDfMSdb4EJVzs
yP2zwS86gkGNEqgvrhLZ0S+RgDc/T4aqBBCf5g68CHe/OWdWWnsuQvzyUXct9aX+
39T60CAvfSAbaONcW/qNF5M4MIrwxhefOl/AeO5WOeYFdbLvjali4bKtPDIfaMaw
daJIrwxcsUIXt7IcF/wq12zWOvJiCLPuFCSBRwnoKFpCbZqGBggKlKfakohOAHn5
pm7z+HP53TL0y4u/0v22F2wtujkLOeENTDLQfm/uSGzcvkNC2qr4P0OM6Z1rH6Mr
rqlDhcxQViq8Knph349dtSogbfQrc6Sxr6+3uOg8G08aCr6l9dlNtlz1fnFFujMV
hIaAwDfrMKU+59bPrPTG5WlUE3M3I4T8pZdWfAMVunjiro9ja1SfN10AAHSvZSwA
SjSzS0IM8XyKTpjP4NPk1Od9IsUNqS28rtxpoycFvFs57OhlkSvbMZCgATu/FpJr
PuN5dcMUjHBmdKIY8WYOKyUwitzxqUHD5+v7hOpR2zakIVESqIts9d2P4lZBQ9bD
xruHSrSKkCJxgFEOuGoIGdx6Wfuc8fELEIZGsCM0ViFCGNXXJf0=
=TgaX
-----END PGP SIGNATURE-----