Your message dated Fri, 30 Apr 2021 16:47:22 +0000 with message-id <e1lcwiu-000ie4...@fasolo.debian.org> and subject line Bug#986911: fixed in gst-plugins-good1.0 1.14.4-1+deb10u1 has caused the Debian Bug report #986911, regarding gst-plugins-good1.0: CVE-2021-3498 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 986911: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986911 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: gst-plugins-good1.0 Version: 1.18.3-1 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Control: fixed -1 1.18.4-1 Hi, The following vulnerability was published for gst-plugins-good1.0. CVE-2021-3498[0]: | gstreamer-plugins-good: Heap corruption in matroska demuxing If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2021-3498 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3498 [1] https://gstreamer.freedesktop.org/security/sa-2021-0003.html [2] https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/commit/02174790726dd20a5c73ce2002189bf240ad4fe0?merge_request_iid=903 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: gst-plugins-good1.0 Source-Version: 1.14.4-1+deb10u1 Done: Sebastian Dröge <sl...@debian.org> We believe that the bug you reported is fixed in the latest version of gst-plugins-good1.0, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 986...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Sebastian Dröge <sl...@debian.org> (supplier of updated gst-plugins-good1.0 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 22 Apr 2021 21:32:31 +0300 Source: gst-plugins-good1.0 Binary: gstreamer1.0-gtk3 gstreamer1.0-plugins-good gstreamer1.0-plugins-good-dbg gstreamer1.0-plugins-good-doc gstreamer1.0-pulseaudio gstreamer1.0-qt5 Architecture: source amd64 all Version: 1.14.4-1+deb10u1 Distribution: buster-security Urgency: high Maintainer: Maintainers of GStreamer packages <gst-plugins-good...@packages.debian.org> Changed-By: Sebastian Dröge <sl...@debian.org> Description: gstreamer1.0-gtk3 - GStreamer plugin for GTK+3 gstreamer1.0-plugins-good - GStreamer plugins from the "good" set gstreamer1.0-plugins-good-dbg - GStreamer plugins from the "good" set gstreamer1.0-plugins-good-doc - GStreamer documentation for plugins from the "good" set gstreamer1.0-pulseaudio - GStreamer plugin for PulseAudio gstreamer1.0-qt5 - GStreamer plugin for Qt5 Closes: 986910 986911 Changes: gst-plugins-good1.0 (1.14.4-1+deb10u1) buster-security; urgency=high . * debian/patches/0001-matroskademux-Initialize-track-context-out-parameter-to-NULL.patch: + Fix use-after free and stack corruption in Matroska demuxer (CVE-2021-3497) (Closes: #986910). * debian/patches/0002-matroskademux-Fix-extraction-of-multichannel-WavPack.patch: + Fix extraction of multichannel WavPack in Matroska demuxer, which caused heap corruption (CVE-2021-3498) (Closes: #986911). Checksums-Sha1: ee05cd178b4d5da891502933d336b3598fdfb453 4027 gst-plugins-good1.0_1.14.4-1+deb10u1.dsc 382f7e424437ea8a3d1d7701569eddea76b18375 3792524 gst-plugins-good1.0_1.14.4.orig.tar.xz 07de251fde7689e8a849248652b4c03693963f95 39600 gst-plugins-good1.0_1.14.4-1+deb10u1.debian.tar.xz 03e1f9181b54ab7f38bc5959fd3d6565b19ec6a6 21561 gst-plugins-good1.0_1.14.4-1+deb10u1_amd64.buildinfo d0985a06541ea449854d29b01f2923f32a92ae48 1269568 gstreamer1.0-gtk3_1.14.4-1+deb10u1_amd64.deb dcab63498f77ab2dfaf5f613ae750752e86c2e42 10402304 gstreamer1.0-plugins-good-dbg_1.14.4-1+deb10u1_amd64.deb 33fc662a18bb7a25629e2329d0c3e8e13e50547a 1464332 gstreamer1.0-plugins-good-doc_1.14.4-1+deb10u1_all.deb a2b8b9d229ce4fae175cf3b55e73a6fbaad4ee39 2922780 gstreamer1.0-plugins-good_1.14.4-1+deb10u1_amd64.deb 6c8d1fe8ef6a89922a8fbc76952777411a7a96d0 1292596 gstreamer1.0-pulseaudio_1.14.4-1+deb10u1_amd64.deb 636fbcc5bce4be77514b57c459048622d1b7c0f0 1282096 gstreamer1.0-qt5_1.14.4-1+deb10u1_amd64.deb Checksums-Sha256: f6babfd33b50953a1d6559b37cb6d985ed2b6a386f030ca5580cdf0f4b91fb8c 4027 gst-plugins-good1.0_1.14.4-1+deb10u1.dsc 5f8b553260cb0aac56890053d8511db1528d53cae10f0287cfce2cb2acc70979 3792524 gst-plugins-good1.0_1.14.4.orig.tar.xz 9ed388acf5289d85df1998dcbd47f8b9dc675db6fe546c4a6725c8ee00b6f1c8 39600 gst-plugins-good1.0_1.14.4-1+deb10u1.debian.tar.xz 854c7acc84bf9132c90b6fd7ea98c52f8c80426d888d67a4ffe248eed9ab12a5 21561 gst-plugins-good1.0_1.14.4-1+deb10u1_amd64.buildinfo 7b6f7fbc8d0bac0a8fa734c3deb51e952ae7935cb30d4dfe9bc256b968f82197 1269568 gstreamer1.0-gtk3_1.14.4-1+deb10u1_amd64.deb 628f328cf92e2987b104a1899236b4e2b41b3dabdf4db27eaa7634e28551b6c6 10402304 gstreamer1.0-plugins-good-dbg_1.14.4-1+deb10u1_amd64.deb 6705bf33edc48ab613d2d7e167a2d3f4115650625b906ce2a5dc986c8356fbb6 1464332 gstreamer1.0-plugins-good-doc_1.14.4-1+deb10u1_all.deb 1e52930686399a23358fc19a31a5fdb1e941a4f4f93303cd16a4ca2affd9170b 2922780 gstreamer1.0-plugins-good_1.14.4-1+deb10u1_amd64.deb 598006fa52722a818ebe0d8c733a8ba9b0b760e376749d85165f1b319ce0914f 1292596 gstreamer1.0-pulseaudio_1.14.4-1+deb10u1_amd64.deb b48b67b119507d052b46ca660488ee6a656a1bdb55567782d0e18e7d20cf8148 1282096 gstreamer1.0-qt5_1.14.4-1+deb10u1_amd64.deb Files: 164e4656527e967615dab8040fcf9dec 4027 libs optional gst-plugins-good1.0_1.14.4-1+deb10u1.dsc 6e3b247097366cf2639f22abfece7113 3792524 libs optional gst-plugins-good1.0_1.14.4.orig.tar.xz 5626c6fc2c5a7e7aac335fc71ab9c1d5 39600 libs optional gst-plugins-good1.0_1.14.4-1+deb10u1.debian.tar.xz 81ba2ca1fe06c9edfd85945359478623 21561 libs optional gst-plugins-good1.0_1.14.4-1+deb10u1_amd64.buildinfo 6d6116c8680aac4b9c4dd317bded1245 1269568 graphics optional gstreamer1.0-gtk3_1.14.4-1+deb10u1_amd64.deb 99ddba3c375920236c8acfdc65148e42 10402304 debug extra gstreamer1.0-plugins-good-dbg_1.14.4-1+deb10u1_amd64.deb 6daef44b6f54117fb491daf1b76a1379 1464332 doc optional gstreamer1.0-plugins-good-doc_1.14.4-1+deb10u1_all.deb 077fe841d38cfff6f51e724dac0979a8 2922780 libs optional gstreamer1.0-plugins-good_1.14.4-1+deb10u1_amd64.deb e6a8ad7ef597fd97fb625630fe858f53 1292596 sound optional gstreamer1.0-pulseaudio_1.14.4-1+deb10u1_amd64.deb cb24ed8a425ac088b8ed9903361cc094 1282096 graphics optional gstreamer1.0-qt5_1.14.4-1+deb10u1_amd64.deb -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEEf0vHzDygb5cza7/rBmjMFIbC17UFAmCB2v1fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDdG NEJDN0NDM0NBMDZGOTczMzZCQkZFQjA2NjhDQzE0ODZDMkQ3QjUSHHNsb21vQGNv YXhpb24ubmV0AAoJEAZozBSGwte1X30P/iMCDpc6UtMEtHwHEs+ct82khRfC/B6Q MwIoSRd/UG/yeVjm3a6JAkZ6FEzVAbnoGgWh+tSgcsvLXg3eI15Nlhmvq+fJRhib rT83jqe3ClE+KQAh6vjipWIxsvDg9uOsguM6wgg1/f6u6K/It/vFPN3czVfX/lQn x9qRN4G5PVjrIrgmes136rcyS4QTkGvXnH0f4D/NF2HJpyT+LEPwSkY3ZEmRJ+3r 6f7D2HdU+WhIAzkrLGwaKOFx3mLISxqMzrkrMWwRyqXlHjKSbcrmTqaZQMB8PXgj p4eBCpAgbk4kZvPT5SQF4nxRk0P9UZrW3fHBmo/BIeSPOTxL3vPbSySZQ4b+PZQB L87ozMaXE2s5yS0fb4zLeL0iiEvrZ0a91ZGvOTvWJHFvvi0LiAXxxYAL6kZQLmLZ 7vnIHnku5mtnT+ke1jbzeNBh9CobTwKORu/N5neqmEtFYJK8R8/P4gzOmQqfQPFz dY093n+5hICiAVLUjhq/qPCSHau+MBc2254iDCbv1eJhdD13vSw9LY5HUZ2mh5nu nO+mNl+glAfTP82TNATR8Azg5kw+pTTY8WkGIOhGWCX9laGlIqtGZrMtULecJ3no FcMok09M165f9ZqpixwtxoE7mXglf6IGM+GVAroJIoWzRjUIJ1JSJ/Z9TGPySO4+ uHiVjo7m7kAj =fKwL -----END PGP SIGNATURE-----
--- End Message ---
