[ubuntu/jaunty] gst-plugins-base0.10 0.10.22-3ubuntu1 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Tue Mar 17 21:15:18 GMT 2009 

gst-plugins-base0.10 (0.10.22-3ubuntu1) jaunty; urgency=low

  * SECURITY UPDATE: possible arbitrary code execution when processing large
    Base64 encoded images in vorbis tags
    - debian/patches/21_security_CVE-2009-0586.patch: do in-place decoding of
      img_data_base64 so we don't need to check length in
      gst-libs/gst/tag/gstvorbistag.c.
    - CVE-2009-0586

Date: Tue, 17 Mar 2009 14:51:39 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Jamie Strandboge <jamie at ubuntu.com>
https://launchpad.net/ubuntu/jaunty/+source/gst-plugins-base0.10/0.10.22-3ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 17 Mar 2009 14:51:39 -0400
Source: gst-plugins-base0.10
Binary: gstreamer0.10-plugins-base-apps gstreamer0.10-plugins-base-doc libgstreamer-plugins-base0.10-0 libgstreamer-plugins-base0.10-dev gstreamer0.10-alsa gstreamer0.10-gnomevfs gstreamer0.10-plugins-base gstreamer0.10-plugins-base-dbg gstreamer0.10-x
Architecture: source
Version: 0.10.22-3ubuntu1
Distribution: jaunty
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 gstreamer0.10-alsa - GStreamer plugin for ALSA
 gstreamer0.10-gnomevfs - GStreamer plugin for GnomeVFS
 gstreamer0.10-plugins-base - GStreamer plugins from the "base" set
 gstreamer0.10-plugins-base-apps - GStreamer helper programs from the "base" set
 gstreamer0.10-plugins-base-dbg - GStreamer plugins from the "base" set
 gstreamer0.10-plugins-base-doc - GStreamer documentation for plugins from the "base" set
 gstreamer0.10-x - GStreamer plugins for X11 and Pango
 libgstreamer-plugins-base0.10-0 - GStreamer libraries from the "base" set
 libgstreamer-plugins-base0.10-dev - GStreamer development files for libraries from the "base" set
Changes: 
 gst-plugins-base0.10 (0.10.22-3ubuntu1) jaunty; urgency=low
 .
   * SECURITY UPDATE: possible arbitrary code execution when processing large
     Base64 encoded images in vorbis tags
     - debian/patches/21_security_CVE-2009-0586.patch: do in-place decoding of
       img_data_base64 so we don't need to check length in
       gst-libs/gst/tag/gstvorbistag.c.
     - CVE-2009-0586
Checksums-Sha1: 
 c9809909949d9c4e76da792c92b989bc97aff43c 2438 gst-plugins-base0.10_0.10.22-3ubuntu1.dsc
 470a7a78a221da472056427206e1d9a2d125a633 35921 gst-plugins-base0.10_0.10.22-3ubuntu1.diff.gz
Checksums-Sha256: 
 8697495b4b4fc3660a51c421b98b7a826c7eb9dc2650fd6d64a9b1a787e86af1 2438 gst-plugins-base0.10_0.10.22-3ubuntu1.dsc
 e0e106154c6850f6b490ff5cc9a2b92b532d20f0c0ba528dbf0be55555f751d6 35921 gst-plugins-base0.10_0.10.22-3ubuntu1.diff.gz
Files: 
 7fb628d83bcb9393dd85875aa67206ff 2438 libs optional gst-plugins-base0.10_0.10.22-3ubuntu1.dsc
 609d4be2d475811276047c9c85851cdc 35921 libs optional gst-plugins-base0.10_0.10.22-3ubuntu1.diff.gz
Original-Maintainer: Maintainers of GStreamer packages <pkg-gstreamer-maintainers at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAknADwQACgkQW0JvuRdL8Bp3GACeIYhHNI0Ts9L2qtBi6BplDuTx
GnIAn0wChPyKjY61ownfvB0PYqlPq9GA
=OcFp
-----END PGP SIGNATURE-----

More information about the Jaunty-changes mailing list