-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 13 Nov 2025 11:58:14 -0500 Source: gst-plugins-base1.0 Built-For-Profiles: noudeb Architecture: source Version: 1.18.4-2+deb11u4 Distribution: bullseye-security Urgency: high Maintainer: Maintainers of GStreamer packages <[email protected]> Changed-By: Jeremy BĂcha <[email protected]> Changes: gst-plugins-base1.0 (1.18.4-2+deb11u4) bullseye-security; urgency=high . * Non-maintainer upload by the LTS Security Team * Fix DoS via stack overflow in subparse plugin - debian/patches/CVE-2025-47806.patch: make sure that subrip time string is not too long before zero-padding in gst/subparse/gstsubparse.c. - CVE-2025-47806 * Fix DoS via null-deref in subparse plugin - debian/patches/CVE-2025-47807.patch: check for valid UTF-8 before cleaning up lines and check for regex replace errors in gst/subparse/gstsubparse.c. - CVE-2025-47807 * Fix DoS via null-deref in subparse plugin - debian/patches/CVE-2025-47808.patch: don't append NULL + 1 to the string buffer when parsing lines without text in gst/subparse/tmplayerparse.c. * Stop ignoring build test failures on amd64, arm64, ppc64el Checksums-Sha1: e56cd882ad4734ce5cc2b0d0d060f043773849d0 3713 gst-plugins-base1.0_1.18.4-2+deb11u4.dsc 879dc96692609ac079cd9d05b359882fb9cf7108 3169512 gst-plugins-base1.0_1.18.4.orig.tar.xz 4c365d1aaa4abf183117586327e29f427aca170e 55684 gst-plugins-base1.0_1.18.4-2+deb11u4.debian.tar.xz cab16f4bd061c87aa10c523592cc5f51b6bce6f0 13727 gst-plugins-base1.0_1.18.4-2+deb11u4_source.buildinfo Checksums-Sha256: bbb0676080c9534f8f97ba414a2d4f372eb0f7b143ad33878e0963124bd1348a 3713 gst-plugins-base1.0_1.18.4-2+deb11u4.dsc 29e53229a84d01d722f6f6db13087231cdf6113dd85c25746b9b58c3d68e8323 3169512 gst-plugins-base1.0_1.18.4.orig.tar.xz 9bf58bf10941081ef20ca749c160a677025ae9d1dc5c2e3b4477e15a5bfe0801 55684 gst-plugins-base1.0_1.18.4-2+deb11u4.debian.tar.xz 9e8f1219eba563b00ad9f019acddfd7332eaf91d4aa1e50bb1e6601244e730e5 13727 gst-plugins-base1.0_1.18.4-2+deb11u4_source.buildinfo Files: 6543a2d445bdbedf45d61e565f42c59d 3713 libs optional gst-plugins-base1.0_1.18.4-2+deb11u4.dsc 523336ed6938b8b1004847cbbd5e31cb 3169512 libs optional gst-plugins-base1.0_1.18.4.orig.tar.xz e62a0e8cce5b2a95098082144518c6e3 55684 libs optional gst-plugins-base1.0_1.18.4-2+deb11u4.debian.tar.xz 100584ef64e35a844bb2a3ad7cf711ff 13727 libs optional gst-plugins-base1.0_1.18.4-2+deb11u4_source.buildinfo
-----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEETQvhLw5HdtiqzpaW5mx3Wuv+bH0FAmkXVGQACgkQ5mx3Wuv+ bH2fshAAqkOvBWc3OSF7l3CgexNbAIDTbZ2fLJ2YNVkIr+JT2u/3bWPuDlRy7tDT iCOkXT/OgC13hzCt8aduY2ESvqMUVk6DFuqzLnAbuNSZnUCBOMm9A3ahzGIcwvt7 OICBZyt1hJbv/KcReusPASVVnqkVOOLgbJUd/2aG0ba0jvHqG6NRvv85uvUQPNtW H33U2JyUANjXS/ofwjxgXOgmsvmtYDa6PQink3zJ/1oczUb7hegTprOL1osPepxD ZLSKgWoOpKgGvcjlQLxPeqwk9YZ1EmpOOKVc8g0sudNFEi+XPDAHS4FFBOcKrGJ/ rXsPuk7ZMJGWVpfjhtk7JD6hYgmQvEfFjgTDEqkgawdJvdRT6TlW7+r7d+RJ50sX kxhJNZoI2+LrsqiYlXF+lsJFqZqz011n72A+zhWBB9NZhE+CMV6Ql3A5VXNdmwZM GIyNdRm4rSEJhLfvVoMQCPTyJH+cCIsZugxIz6so8Jv5JkNM6SaOeRMlRGD9LtLv dk5bXBWZnh9VJULjFMiVlNolvNu0jc3yawo07jO1OfkjQ4UjY1Yc6LEZr9f3Fdu8 81UKKs1M6jTO57T2U35h9vEMZcbQsXsoyFehAJAUY4O71xkP5/CVNjv3986KSznY r58qxXTRLXyLrz0rlNLKQQL4u7vxKiGi2apwGG7NaRJcbapLwQ0= =9oW4 -----END PGP SIGNATURE-----
pgp4Sy63tThMH.pgp
Description: PGP signature
