Bug#986911: marked as done (gst-plugins-good1.0: CVE-2021-3498)

[Debian Bug Tracking System]

Your message dated Thu, 22 Apr 2021 19:18:59 +0000
with message-id <e1lzeqp-0004he...@fasolo.debian.org>
and subject line Bug#986911: fixed in gst-plugins-good1.0 1.18.4-2
has caused the Debian Bug report #986911,
regarding gst-plugins-good1.0: CVE-2021-3498
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
986911: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986911
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: gst-plugins-good1.0
Version: 1.18.3-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: fixed -1 1.18.4-1

Hi,

The following vulnerability was published for gst-plugins-good1.0.

CVE-2021-3498[0]:
| gstreamer-plugins-good: Heap corruption in matroska demuxing

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-3498
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3498
[1] https://gstreamer.freedesktop.org/security/sa-2021-0003.html
[2] 
https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/commit/02174790726dd20a5c73ce2002189bf240ad4fe0?merge_request_iid=903

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

Source: gst-plugins-good1.0
Source-Version: 1.18.4-2
Done: Sebastian Dröge <sl...@debian.org>

We believe that the bug you reported is fixed in the latest version of
gst-plugins-good1.0, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 986...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastian Dröge <sl...@debian.org> (supplier of updated gst-plugins-good1.0 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 22 Apr 2021 20:48:09 +0300
Source: gst-plugins-good1.0
Architecture: source
Version: 1.18.4-2
Distribution: unstable
Urgency: medium
Maintainer: Maintainers of GStreamer packages 
<gst-plugins-good...@packages.debian.org>
Changed-By: Sebastian Dröge <sl...@debian.org>
Closes: 986910 986911
Changes:
 gst-plugins-good1.0 (1.18.4-2) unstable; urgency=medium
 .
   * Upload to unstable:
     + Fixes CVE-2021-3497 (Closes: #986910).
     + Fixes CVE-2021-3498 (Closes: #986911).
Checksums-Sha1:
 26b50ba8ae92e8f347c0662f247a671faa82d1d8 3707 gst-plugins-good1.0_1.18.4-2.dsc
 aaf8f2aa0bb58cad638b32d0d44a183ed7e7f8b0 3277572 
gst-plugins-good1.0_1.18.4.orig.tar.xz
 5a276ea7a83048554881a316399ebd8938e479a8 34344 
gst-plugins-good1.0_1.18.4-2.debian.tar.xz
 2a796cef23936a0f5e2faefb38b66d4ee2bcee62 20898 
gst-plugins-good1.0_1.18.4-2_amd64.buildinfo
Checksums-Sha256:
 ed7324abbccb9a412cc917d73c7669f2d94b463d5aeb97cef59419f51a5cfc9e 3707 
gst-plugins-good1.0_1.18.4-2.dsc
 b6e50e3a9bbcd56ee6ec71c33aa8332cc9c926b0c1fae995aac8b3040ebe39b0 3277572 
gst-plugins-good1.0_1.18.4.orig.tar.xz
 97360f928c285a77e623842129f1c34a60f86913bd3d0b43d3703774086b925e 34344 
gst-plugins-good1.0_1.18.4-2.debian.tar.xz
 829c8f844f48ed66382254e671cfe371d1453636449708c4b04775cf168d5310 20898 
gst-plugins-good1.0_1.18.4-2_amd64.buildinfo
Files:
 4bc13b48f66c4f9054d5d90287954899 3707 libs optional 
gst-plugins-good1.0_1.18.4-2.dsc
 4ecf1ac5cd422d9c13fe05dbf5e3df26 3277572 libs optional 
gst-plugins-good1.0_1.18.4.orig.tar.xz
 ed23296d86e1f830e18e991aae070b13 34344 libs optional 
gst-plugins-good1.0_1.18.4-2.debian.tar.xz
 7841e3859789dfde574a164e6075a75f 20898 libs optional 
gst-plugins-good1.0_1.18.4-2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKmBAEBCgCQFiEEf0vHzDygb5cza7/rBmjMFIbC17UFAmCByD1fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDdG
NEJDN0NDM0NBMDZGOTczMzZCQkZFQjA2NjhDQzE0ODZDMkQ3QjUSHHNsb21vQGNv
YXhpb24ubmV0AAoJEAZozBSGwte1CukP/ROIOAPwfZJyvn9p85DoC4utqo/ywc3/
d/IcZZGULIB44WWqdegfxMHogyJZLsNnGe4djKP+LUTONZghukCViig4PfxUTbA3
UaxuTxg4eGW9FifzOaA/wA9w2KHm/Cxi8qjrWaP4IwBIz8QJZbR50Z4pFZ6+4+Eu
KZxckHcGa7WVTvu3pWM2U3At+TQ3cpmlisZLhWHjirsILIb/PYBm2CSdC3fZx+eb
exnBNteuuXZAAwJkFySXWd0E9yfBvtb1lOtjpza+sonz8ew2xsYAxRMeayUDjt4K
ZWp02rGcXcfRTwIpTT8eh65iaCxseVwXqs8ptzVi+hU9zI4t8CbcoRub5ol4wKKT
tTKJ3CMg59ITB6jCnHSXCB414QwCPEpdUUdDiMvHA/9NL1DbdWLIWMqPDUWRS/BG
CpK+Sb1WzaJ2pyyY354qkEbP5iOaGQtRdiQtW78HrqmoBO03+qr7NxNht7cQ5fQU
+dxusDyRlJjfRCynd0cDPoUcCAGaZxBYiA2rwdqA97DWcIZ1MB8RCUupIrbfGi0i
v/ARmX7Bxv94MsowcIl14y5FY2pE4NorO73/7OO/JSh95j/PPVvKkgvfLuivYCg4
VLeycQ7cYtQeC9RRFnXlEqdmaNwtp4cF2iEDaEpLVz8Amiojnp5HGnDtsVZENwxq
RggkdyLNPQZF
=w3wn
-----END PGP SIGNATURE-----

--- End Message ---