summary |
shortlog | log |
commit |
commitdiff |
tree
first ⋅ prev ⋅ next
Sebastian Dröge [Thu, 19 Oct 2023 21:09:57 +0000 (00:09 +0300)]
mxfdemux: Store GstMXFDemuxEssenceTrack in their own fixed allocation
Origin: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/
7dfaa57b6f9b55f17ffe824bd8988bb71ae11353
Bug-Debian: https://bugs.debian.org/
1056101
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2023-44446
Previously they were stored inline inside a GArray, but as references to
the tracks were stored in various other places although the array could
still be updated (and reallocated!), this could lead to dangling
references in various places.
Instead now store them in a GPtrArray in their own allocation so each
track's memory position stays fixed.
Fixes ZDI-CAN-22299
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3055
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5638>
Gbp-Pq: Name CVE-2023-44446.patch
Maintainers of GStreamer packages [Sun, 26 Nov 2023 20:55:02 +0000 (22:55 +0200)]
CVE-2023-40476
commit
fddda166222a067d0e511950a0a8cfb9f5a521b7
Author: Nicolas Dufresne <nicolas.dufresne@collabora.com>
Date: Wed Aug 9 12:49:19 2023 -0400
h265parser: Fix possible overflow using max_sub_layers_minus1
This fixes a possible overflow that can be triggered by an invalid value of
max_sub_layers_minus1 being set in the bitstream. The bitstream uses 3 bits,
but the allowed range is 0 to 6 only.
Fixes ZDI-CAN-21768, CVE-2023-40476
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/2895
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5366>
Gbp-Pq: Name CVE-2023-40476.patch
Maintainers of GStreamer packages [Sun, 26 Nov 2023 20:55:02 +0000 (22:55 +0200)]
CVE-2023-40475
commit
1edd1c38dcc5d27e7c5649d999ee8278872a16d4
Author: Sebastian Dröge <sebastian@centricular.com>
Date: Thu Aug 10 15:47:03 2023 +0300
mxfdemux: Check number of channels for AES3 audio
Only up to 8 channels are allowed and using a higher number would cause
integer overflows when copying the data, and lead to out of bound
writes.
Also check that each buffer is at least 4 bytes long to avoid another
overflow.
Fixes ZDI-CAN-21661, CVE-2023-40475
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/2897
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5365>
Gbp-Pq: Name CVE-2023-40475.patch
Maintainers of GStreamer packages [Sun, 26 Nov 2023 20:55:02 +0000 (22:55 +0200)]
CVE-2023-40474
commit
f73fc41f2ca6a0cd4e883aee64bf8e1c15ff68ce
Author: Sebastian Dröge <sebastian@centricular.com>
Date: Thu Aug 10 15:45:01 2023 +0300
mxfdemux: Fix integer overflow causing out of bounds writes when handling invalid uncompressed video
Check ahead of time when parsing the track information whether
width, height and bpp are valid and usable without overflows.
Fixes ZDI-CAN-21660, CVE-2023-40474
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/2896
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5365>
Gbp-Pq: Name CVE-2023-40474.patch
Maintainers of GStreamer packages [Sun, 26 Nov 2023 20:55:02 +0000 (22:55 +0200)]
SA-2023-0003
Gbp-Pq: Name SA-2023-0003.patch
Sebastian Dröge [Tue, 23 Mar 2021 17:19:14 +0000 (19:19 +0200)]
[PATCH] h2645parser: Catch overflows in AVC/HEVC NAL unit length calculations
Offset and size are stored as 32 bit guint and might overflow when
adding the nal_length_size, so let's avoid that.
For the size this would happen if the AVC/HEVC NAL unit size happens to
be stored in 4 bytes and is
4294967292 or higher, which is likely
corrupted data anyway.
For the offset this is something for the caller of these functions to
take care of but is unlikely to happen as it would require parsing on a
>4GB buffer.
Allowing these overflows causes all kinds of follow-up bugs in the
h2645parse elements, ranging from infinite loops and memory leaks to
potential memory corruptions.
Part-of: <https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/-/merge_requests/2103>
Gbp-Pq: Name 0001-h2645parser-Catch-overflows-in-AVC-HEVC-NAL-unit-length.patch
Maintainers of GStreamer packages [Sun, 26 Nov 2023 20:55:02 +0000 (22:55 +0200)]
_openexr-std-cxx11
===================================================================
Gbp-Pq: Name 03_openexr-std-cxx11.patch
Andrew Wesie [Fri, 16 Oct 2020 11:29:02 +0000 (12:29 +0100)]
[PATCH] codecparsers: h264parser: guard against ref_pic_markings overflow
Part-of: <https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/-/merge_requests/1703>
Gbp-Pq: Name 02_ref_pic_markings_overflow.patch
Iain Lane [Sun, 26 Nov 2023 20:55:02 +0000 (22:55 +0200)]
Tell libtool not to deduplicate linked libraries which causes problems in the case of circular deps. Force -lc to be added at the end.
Gbp-Pq: Name 01_fix-modplug-linking.patch
Thorsten Alteholz [Sun, 26 Nov 2023 20:55:02 +0000 (22:55 +0200)]
gst-plugins-bad1.0 (1.14.4-1+deb10u5) buster-security; urgency=high
* Non-maintainer upload by the LTS Team.
* CVE-2023-44446
mxfdemux: Store GstMXFDemuxEssenceTrack in their own fixed allocation
[dgit import unpatched gst-plugins-bad1.0 1.14.4-1+deb10u5]
Thorsten Alteholz [Sun, 26 Nov 2023 20:55:02 +0000 (22:55 +0200)]
Import gst-plugins-bad1.0_1.14.4-1+deb10u5.debian.tar.xz
[dgit import tarball gst-plugins-bad1.0 1.14.4-1+deb10u5 gst-plugins-bad1.0_1.14.4-1+deb10u5.debian.tar.xz]
Sebastian Dröge [Wed, 3 Oct 2018 10:57:59 +0000 (13:57 +0300)]
Import gst-plugins-bad1.0_1.14.4.orig.tar.xz
[dgit import orig gst-plugins-bad1.0_1.14.4.orig.tar.xz]
projects / gst-plugins-bad1.0.git / log