From 8fe720e6ba3e02a1e067c65f7affd45cb044f25de2c9d49f1369a604972792c2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B8rn=20Lie?= Date: Tue, 1 Aug 2023 21:54:56 +0000 Subject: [PATCH] Accepting request 1101776 from home:alarrosa:branches:multimedia:libs + subparse: Look for the closing > of a tag after the opening < (bsc#1213131, CVE-2023-37328) + Fixes FLAC file parsing integer overflow remote code execution vulnerability (bsc#1213128, CVE-2023-37327) + Fixes PGS file parsing heap-based buffer overflow remote code execution vulnerability (bsc#1213126, CVE-2023-37329) OBS-URL: https://build.opensuse.org/request/show/1101776 OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/gstreamer-plugins-base?expand=0&rev=202 --- gstreamer-plugins-base.changes | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/gstreamer-plugins-base.changes b/gstreamer-plugins-base.changes index ea003eb..83f4e7e 100644 --- a/gstreamer-plugins-base.changes +++ b/gstreamer-plugins-base.changes @@ -36,11 +36,16 @@ Mon Jun 26 14:18:54 UTC 2023 - Bjørn Lie + opus: Fix potential crash when getting unexpected channel position. + streamsynchronizer: reset eos on STREAM_START. - + subparse: Look for the closing > of a tag after the opening <. + + subparse: Look for the closing > of a tag after the opening < + (bsc#1213131, CVE-2023-37328) + video: convertframe: Add D3D11 specific conversion path. + videometa: Only validate the alignment only when it contains some info. + video-blend: Fix linking error with C++. + + Fixes FLAC file parsing integer overflow remote code execution + vulnerability (bsc#1213128, CVE-2023-37327) + + Fixes PGS file parsing heap-based buffer overflow remote code + execution vulnerability (bsc#1213126, CVE-2023-37329) - Rebase reduce-required-meson.patch. -------------------------------------------------------------------
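Review bot: the two entries added after the video-blend line ("Fixes FLAC file parsing ..." and "Fixes PGS file parsing ...") do not name the element they touch, unlike every neighbouring entry in this list (opus:, streamsynchronizer:, subparse:, video:, videometa:, video-blend:), so a reader cannot map CVE-2023-37327 or CVE-2023-37329 to a specific upstream change from the changelog alone. Consider writing both in the same "element: summary (bsc#..., CVE-...)" form used for the subparse entry, and keep the trailing period: the reworded subparse entry drops the one the original line had, and the two new entries have none. The hunk also amends the existing entry headed "Mon Jun 26 14:18:54 UTC 2023" while the commit itself is dated 1 Aug 2023; if the intent is only to attach bsc/CVE references to fixes already contained in that update, stating that in the commit message would tell anyone auditing the package which build first carried the fixes.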