Home Explore Help
Sign In
PUBLIC_REPOS
/
buildroot
mirror of git://git.buildroot.net/buildroot
2
1
Fork 0
Files
Browse Source

package/gst1-plugins-bad: security bump to version 1.22.6

Fixes the following security issues:

CVE-2023-37329: Heap-based buffer overflow in the PGS blu-ray subtitle
decoder when handling certain files in GStreamer versions before 1.22.4 /
1.20.7.

https://gstreamer.freedesktop.org/security/sa-2023-0003.html

CVE-2023-40474: Heap-based buffer overflow in the MXF file demuxer when
handling malformed files with uncompressed video in GStreamer versions
before 1.22.6.

https://gstreamer.freedesktop.org/security/sa-2023-0006.html

CVE-2023-40475: Heap-based buffer overflow in the MXF file demuxer when
handling malformed files with AES3 audio in GStreamer versions before
1.22.6.

https://gstreamer.freedesktop.org/security/sa-2023-0007.html

CVE-2023-40476: Stack-based buffer overflow in the H.265 video parser when
handling malformed H.265 video streams in GStreamer versions before 1.22.6.

https://gstreamer.freedesktop.org/security/sa-2023-0008.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 19fe76b8b4dd09bd11fce6832932cd799332ffb5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard 1 year ago
parent
0284e84d46
commit
b1e2cd3e25
2 changed files with 3 additions and 3 deletions
Split View Show Diff Stats
  1. 2 2
      package/gstreamer1/gst1-plugins-bad/gst1-plugins-bad.hash
  2. 1 1
      package/gstreamer1/gst1-plugins-bad/gst1-plugins-bad.mk

+ 2 - 2
package/gstreamer1/gst1-plugins-bad/gst1-plugins-bad.hash
View File 

@@ -1,3 +1,3 @@
 
-# From https://gstreamer.freedesktop.org/src/gst-plugins-bad/gst-plugins-bad-1.22.2.tar.xz.sha256sum
 
-sha256  3d8faf1ce3402c8535ce3a8c4e1a6c960e4b5655dbda6b55943db9ac79022d0f  gst-plugins-bad-1.22.2.tar.xz
 
+# From https://gstreamer.freedesktop.org/src/gst-plugins-bad/gst-plugins-bad-1.22.6.tar.xz.sha256sum
 
+sha256  b4029cd2908a089c55f1d902a565d007495c95b1442d838485dc47fb12df7137  gst-plugins-bad-1.22.6.tar.xz
 
 sha256  dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551  COPYING

+ 1 - 1
package/gstreamer1/gst1-plugins-bad/gst1-plugins-bad.mk
View File 

@@ -4,7 +4,7 @@
 
 #
 
 ################################################################################
 
 
-GST1_PLUGINS_BAD_VERSION = 1.22.2
 
+GST1_PLUGINS_BAD_VERSION = 1.22.6
 
 GST1_PLUGINS_BAD_SOURCE = gst-plugins-bad-$(GST1_PLUGINS_BAD_VERSION).tar.xz
 
 GST1_PLUGINS_BAD_SITE = https://gstreamer.freedesktop.org/src/gst-plugins-bad
 
 GST1_PLUGINS_BAD_INSTALL_STAGING = YES