-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : gst-plugins-bad0.10 Version : 0.10.23-7.1+deb7u3 CVE ID : CVE-2016-9445 CVE-2016-9446 CVE-2016-9447
CVE-2016-9445 CVE-2016-9446 Chris Evans discovered that the GStreamer plugin to decode VMware screen capture files allowed the execution of arbitrary code. He also found that an initialized buffer may lead into memory disclosure. CVE-2016-9447 Chris Evans discovered that the GStreamer 0.10 plugin to decode NES Sound Format files allowed the execution of arbitrary code. For Debian 7 "Wheezy", these problems have been fixed in version 0.10.23-7.1+deb7u3. We recommend that you upgrade your gst-plugins-bad0.10 packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIcBAEBCAAGBQJYMOarAAoJEJ1GxIjkNoMCLQMP/ApO9ywh6rk87JyQnDbrS+MJ Co2A6ASTuJ7v+FEFQQb0CwDt1VH0GXOQby3/F2VGilNhnTsdJfdrKofjaxBcPZ3l 0B51jcjSdWxx3SRbPV6u9KVa/DGp1drUThMGik0cwpJr4zYjO5f6BrBAxcSMPiNH A6On/iuy8MdYlAy5E0QBT6XPg7V0dJw8v7ve3XBzl8w6ZmtBHLWqXQcL7yDr1tTM AdvbFj50QX1ym3lF+aLUkhW7QT6aNlJj9hztWvyQOXui7D9jn0mkj7CQP2EgloN+ M++MOKlHkPjgdkNKENrZPzoMBzTi1NwfvY7AsbrY2SyYD2VlbpGFYWrOh3SiyRfs SkyDx30qVULR0ys+tJeznMWuUZm0llu/q6oh9p0OROhcW6g2vhLroX+WRuIH7APy GIoz43t5ZtRZReygMd+d5lavUAzdnn9lQsyELwQF74HPTGtYTS4ufFufnw1tlFaD lZpxg8uCHHYGtzhwDx6/nMGcQkdD6mW3GDEwUeP+OSt+mo+z+UDelh+7iObUfOzv XPSfcFE8ZUc0JNJoQt/x6McDagQPTXFe7BIY8i+RaoImvj2J7fdKGcVuVz53npn+ Is3EbuLKhw0Gpxol3H5Oo5ePVIvT2Avq0ypigoElY7ZGDhMK+kSd4j3ABtw/HZld B9A6j+YDtKCWBiHFSgD4 =5DWQ -----END PGP SIGNATURE-----