-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5941-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff June 11, 2025 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : gst-plugins-bad1.0 CVE ID : CVE-2025-3887 Multiple vulnerabilities were discovered in the H.265 plugin for the GStreamer media framework, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened. For the stable distribution (bookworm), this problem has been fixed in version 1.22.0-4+deb12u6. We recommend that you upgrade your gst-plugins-bad1.0 packages. For the detailed security status of gst-plugins-bad1.0 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/gst-plugins-bad1.0 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmhJ0UkACgkQEMKTtsN8 TjZ7mQ//QQkdG8FsO/Cx6+DcQcgY5Ybt4FHCTNt7M8YpGBBW8NhwEVjYXtBwfaHj WBuo2fEX+ME4+RLw2YGVGWqdCN5VsOMDgokJTJsw2IYdyBgM4UBjcrT05a7vwS96 tdGBmsFF3GkM25CbnaYwXvSrxhycsjBRRuA41B5hg7c8/jHp6mC/M8Dc12gUsuAr xnFsSQaIzZtCZcE1lGXWkB34pDX7x8+etrQlT9N2c5LGg0YsxwyXgD+5ni6YoHYE YqRqwZk4QyQ5/R5HAb1RiH7oKkELmgSnP+orLrUANditcAnIRPZ7gI1vDADDAk5f C4cCwaSx7YBxySU5m7M3tiMKOTsHez4NMnTt4SgRJg/1++acx7CIIH7APd4lCia9 TO+CJSjokfcKvG2A8IDFiVO0qc3/1F/5xGSc6bpjqOVytcRNg8L8nJaJtBRBH1hV idrw2SY5xJoTXLgM5gOyTCiJ/oKHF/cDWuXTEufg7KO2COXuj9tpN4oGf+7/7OIH ls/xyMv+YgvvShOj8bofEBQHkjSHQfho0b4lK97N8Ko/C7vUp5EdSI5+mu522zpN yBOPCFKGHLKJYH6Jx0kLXQG2lBKh1Oe+2Yw8EiFkBLm12QMdc/oCZoardLXwl8sJ 4tg7MLuWmVA0BKB4VUSclAm7kMkAvQ0DAQeloumMgPEP5p/L4zw= =fj/F -----END PGP SIGNATURE-----