Accepting request 1101776 from home:alarrosa:branches:multimedia:libs

+ subparse: Look for the closing > of a tag after the opening < (bsc#1213131, CVE-2023-37328) + Fixes FLAC file parsing integer overflow remote code execution vulnerability (bsc#1213128, CVE-2023-37327) + Fixes PGS file parsing heap-based buffer overflow remote code execution vulnerability (bsc#1213126, CVE-2023-37329) OBS-URL: https://build.opensuse.org/request/show/1101776 OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/gstreamer-plugins-base?expand=0&rev=202
2023-08-01 21:54:56 +00:00 · 2023-08-01 21:54:56 +00:00 · 8fe720e6ba
commit 8fe720e6ba
parent f8c3966324
1 changed files with 6 additions and 1 deletions
--- a/gstreamer-plugins-base.changes
+++ b/gstreamer-plugins-base.changes
@ -36,11 +36,16 @@ Mon Jun 26 14:18:54 UTC 2023 - Bjørn Lie <bjorn.lie@gmail.com>
  + opus: Fix potential crash when getting unexpected channel
    position.
  + streamsynchronizer: reset eos on STREAM_START.
-  + subparse: Look for the closing > of a tag after the opening <.
+  + subparse: Look for the closing > of a tag after the opening < 
+    (bsc#1213131, CVE-2023-37328)
  + video: convertframe: Add D3D11 specific conversion path.
  + videometa: Only validate the alignment only when it contains
    some info.
  + video-blend: Fix linking error with C++.
+  + Fixes FLAC file parsing integer overflow remote code execution
+    vulnerability (bsc#1213128, CVE-2023-37327)
+  + Fixes PGS file parsing heap-based buffer overflow remote code
+    execution vulnerability (bsc#1213126, CVE-2023-37329)
 - Rebase reduce-required-meson.patch.

 -------------------------------------------------------------------