[ubuntu/noble-proposed] gst-plugins-bad1.0 1.22.9-1ubuntu2 (Accepted)
Jeremy Bícha
jbicha at ubuntu.com
Sat Feb 3 12:53:11 UTC 2024
gst-plugins-bad1.0 (1.22.9-1ubuntu2) noble; urgency=medium
* Have libgstreamer-plugins-bad1.0-dev depend on -good1.0-dev
gst-plugins-bad1.0 (1.22.9-1ubuntu1) noble; urgency=medium
* Merge with Debian. Remaining changes:
- Don't build wpewebkit plugins
- Stop installing camerabin2 basecamerabin jpegformat - plugins which have
moved to -good.
- Have gstreamer-plugins-bad-1.0.pc Require gstreamer-plugins-good-1.0 -
the package we've moved the referenced plugins to. This maintains
compatibility with upstream software and other distributions.
- Don't build the opencv binary packages on i386, avoiding a large tree
of numeric-related dependencies for a binary package it's not required
to support.
- d/control, d/gstreamer1.0-plugins-bad.install, d/rules:
+ Don't require these Build-Depends on i386:
- libltc-dev, libfreeaptx-dev, libqrencode-dev, libzxing-dev, glslc,
libdirectfb-dev, liblrdf0-dev, libneon27-dev
* Drop backported CVE patches included in new release
* debian/gbp.conf: Use ubuntu/latest branch (on Salsa)
gst-plugins-bad1.0 (1.22.9-1) unstable; urgency=high
* Team upload
* New upstream version 1.22.9
- CVE-2024-0444 (ZDI-CAN-22873, GStreamer-SA-2024-001):
AV1 codec parser potential buffer overflow during list tile parsing
* Run wrap-and-sort
gst-plugins-bad1.0 (1.22.8-1) unstable; urgency=high
* Team upload.
* New upstream version 1.22.8
- ZDI-CAN-22300: Heap-based buffer overflow in the AV1 codec parser
when handling certain malformed streams before GStreamer 1.22.8
* d/patches: skip netsim test. Mitigates: #1052660
gst-plugins-bad1.0 (1.22.7-1) unstable; urgency=high
* Team upload
* New upstream release
(Closes: #1056101, #1056102, #1053259, #1053260, #1053261)
- CVE-2023-40474: integer overflow in MXF file handling
- CVE-2023-40475: integer overflow in MXF file handling
- CVE-2023-40476: integer overflow in H.265 video parser
- CVE-2023-44429: AV1 codec parser buffer overflow
- CVE-2023-44446: MXF demuxer use-after-free
* Update libzxing-dev Build-Depends (Closes: #1054382)
Date: Sat, 03 Feb 2024 07:51:37 -0500
Changed-By: Jeremy Bícha <jbicha at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/gst-plugins-bad1.0/1.22.9-1ubuntu2
-------------- next part --------------
Format: 1.8
Date: Sat, 03 Feb 2024 07:51:37 -0500
Source: gst-plugins-bad1.0
Built-For-Profiles: noudeb
Architecture: source
Version: 1.22.9-1ubuntu2
Distribution: noble
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Jeremy Bícha <jbicha at ubuntu.com>
Closes: 1053259 1053260 1053261 1054382 1056101 1056102
Changes:
gst-plugins-bad1.0 (1.22.9-1ubuntu2) noble; urgency=medium
.
* Have libgstreamer-plugins-bad1.0-dev depend on -good1.0-dev
.
gst-plugins-bad1.0 (1.22.9-1ubuntu1) noble; urgency=medium
.
* Merge with Debian. Remaining changes:
- Don't build wpewebkit plugins
- Stop installing camerabin2 basecamerabin jpegformat - plugins which have
moved to -good.
- Have gstreamer-plugins-bad-1.0.pc Require gstreamer-plugins-good-1.0 -
the package we've moved the referenced plugins to. This maintains
compatibility with upstream software and other distributions.
- Don't build the opencv binary packages on i386, avoiding a large tree
of numeric-related dependencies for a binary package it's not required
to support.
- d/control, d/gstreamer1.0-plugins-bad.install, d/rules:
+ Don't require these Build-Depends on i386:
- libltc-dev, libfreeaptx-dev, libqrencode-dev, libzxing-dev, glslc,
libdirectfb-dev, liblrdf0-dev, libneon27-dev
* Drop backported CVE patches included in new release
* debian/gbp.conf: Use ubuntu/latest branch (on Salsa)
.
gst-plugins-bad1.0 (1.22.9-1) unstable; urgency=high
.
* Team upload
* New upstream version 1.22.9
- CVE-2024-0444 (ZDI-CAN-22873, GStreamer-SA-2024-001):
AV1 codec parser potential buffer overflow during list tile parsing
* Run wrap-and-sort
.
gst-plugins-bad1.0 (1.22.8-1) unstable; urgency=high
.
* Team upload.
* New upstream version 1.22.8
- ZDI-CAN-22300: Heap-based buffer overflow in the AV1 codec parser
when handling certain malformed streams before GStreamer 1.22.8
* d/patches: skip netsim test. Mitigates: #1052660
.
gst-plugins-bad1.0 (1.22.7-1) unstable; urgency=high
.
* Team upload
* New upstream release
(Closes: #1056101, #1056102, #1053259, #1053260, #1053261)
- CVE-2023-40474: integer overflow in MXF file handling
- CVE-2023-40475: integer overflow in MXF file handling
- CVE-2023-40476: integer overflow in H.265 video parser
- CVE-2023-44429: AV1 codec parser buffer overflow
- CVE-2023-44446: MXF demuxer use-after-free
* Update libzxing-dev Build-Depends (Closes: #1054382)
Checksums-Sha1:
85158e6bf73d737e4208793d39137ea0c726a575 5899 gst-plugins-bad1.0_1.22.9-1ubuntu2.dsc
5cccaffd12dad4b377f8606e0a79b0c2e6b1ac90 46368 gst-plugins-bad1.0_1.22.9-1ubuntu2.debian.tar.xz
cbdbbdfbf0795c8bff552e7b23a709c8b08bd02a 28291 gst-plugins-bad1.0_1.22.9-1ubuntu2_source.buildinfo
Checksums-Sha256:
7b754a0656b355b3bcfc8522dc3fe494359e1a79d944f3e07d1338a37c6edca4 5899 gst-plugins-bad1.0_1.22.9-1ubuntu2.dsc
38e9ddf3c440ac5969e4b518fe0498373bd90cb64c044648b5ee35df1581c9bb 46368 gst-plugins-bad1.0_1.22.9-1ubuntu2.debian.tar.xz
7dc9b76c77ef661f216bff722d20be879ea4c2e5ce4c620ee7c1b685750671aa 28291 gst-plugins-bad1.0_1.22.9-1ubuntu2_source.buildinfo
Files:
414e0e6cea2d4d06adf31481029fb804 5899 libs optional gst-plugins-bad1.0_1.22.9-1ubuntu2.dsc
13a2ce4db7d6d7406ec24c730547f65f 46368 libs optional gst-plugins-bad1.0_1.22.9-1ubuntu2.debian.tar.xz
006deed21d7edddf4ec6901dd88f8a35 28291 libs optional gst-plugins-bad1.0_1.22.9-1ubuntu2_source.buildinfo
Original-Maintainer: Maintainers of GStreamer packages <gst-plugins-bad1.0 at packages.debian.org>
More information about the noble-changes
mailing list