Your message dated Sun, 05 May 2019 18:47:08 +0000
with message-id <e1hnmag-0001xy...@fasolo.debian.org>
and subject line Bug#927978: fixed in gst-plugins-base1.0 1.10.4-1+deb9u1
has caused the Debian Bug report #927978,
regarding gst-plugins-base1.0: CVE-2019-9928: Buffer overflow in RTSP parsing
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
927978: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927978
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: gst-plugins-base1.0
Version: 1.14.4-1
Severity: grave
Tags: security upstream
Forwarded:
https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/merge_requests/157
Hi,
The following vulnerability was published for gst-plugins-base1.0.
CVE-2019-9928[0]:
| GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP
| connection parser via a crafted response from a server, potentially
| allowing remote code execution.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2019-9928
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9928
[1] https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/merge_requests/157
[2] https://gstreamer.freedesktop.org/security/sa-2019-0001.html
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: gst-plugins-base1.0
Source-Version: 1.10.4-1+deb9u1
We believe that the bug you reported is fixed in the latest version of
gst-plugins-base1.0, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 927...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Moritz Mühlenhoff <j...@debian.org> (supplier of updated gst-plugins-base1.0
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 29 Apr 2019 00:17:39 +0200
Source: gst-plugins-base1.0
Binary: gstreamer1.0-plugins-base-apps gstreamer1.0-plugins-base-doc
libgstreamer-plugins-base1.0-0 libgstreamer-plugins-base1.0-dev
gstreamer1.0-alsa gstreamer1.0-plugins-base gstreamer1.0-plugins-base-dbg
gstreamer1.0-x gir1.2-gst-plugins-base-1.0
Architecture: source amd64 all
Version: 1.10.4-1+deb9u1
Distribution: stretch-security
Urgency: medium
Maintainer: Maintainers of GStreamer packages
<pkg-gstreamer-maintain...@lists.alioth.debian.org>
Changed-By: Moritz Mühlenhoff <j...@debian.org>
Description:
gir1.2-gst-plugins-base-1.0 - GObject introspection data for the GStreamer
Plugins Base library
gstreamer1.0-alsa - GStreamer plugin for ALSA
gstreamer1.0-plugins-base - GStreamer plugins from the "base" set
gstreamer1.0-plugins-base-apps - GStreamer helper programs from the "base" set
gstreamer1.0-plugins-base-dbg - GStreamer plugins from the "base" set
gstreamer1.0-plugins-base-doc - GStreamer documentation for plugins from the
"base" set
gstreamer1.0-x - GStreamer plugins for X11 and Pango
libgstreamer-plugins-base1.0-0 - GStreamer libraries from the "base" set
libgstreamer-plugins-base1.0-dev - GStreamer development files for libraries
from the "base" set
Closes: 927978
Changes:
gst-plugins-base1.0 (1.10.4-1+deb9u1) stretch-security; urgency=medium
.
* CVE-2019-9928 (Closes: #927978)
Checksums-Sha1:
228140294a6d39d2e66ee759ee3874a3524c2894 3809
gst-plugins-base1.0_1.10.4-1+deb9u1.dsc
c6749d515d49373f2e04e7a87f5fc5bcfa16d7ef 3059368
gst-plugins-base1.0_1.10.4.orig.tar.xz
1d5642adf22d18a7a4bf5af7f4ec8973efc33fcf 41944
gst-plugins-base1.0_1.10.4-1+deb9u1.debian.tar.xz
447fa6ba2acf236bc163ed24155f57b1ed59f8cd 1019670
gir1.2-gst-plugins-base-1.0_1.10.4-1+deb9u1_amd64.deb
b114ba142731681e9bb2e9aa68a3f33ef1dcb0ca 17661
gst-plugins-base1.0_1.10.4-1+deb9u1_amd64.buildinfo
05a45518298a6e27bd98833cdf56d2cea5d365db 987560
gstreamer1.0-alsa_1.10.4-1+deb9u1_amd64.deb
e4a952df4b77c394df2736e2d27b33ade80f2e04 984036
gstreamer1.0-plugins-base-apps_1.10.4-1+deb9u1_amd64.deb
096333405c0c4a62f9393be8b324edd0f8364607 5251948
gstreamer1.0-plugins-base-dbg_1.10.4-1+deb9u1_amd64.deb
a66951537b776d4f7ae603dd41735dc5a97c2e63 1318470
gstreamer1.0-plugins-base-doc_1.10.4-1+deb9u1_all.deb
cdcc72126e3e7fa5e6222ff82e1b94124dc1b5f4 1497298
gstreamer1.0-plugins-base_1.10.4-1+deb9u1_amd64.deb
1a0a79654e6ff664599d3b9e64228ee54a003ac3 1025050
gstreamer1.0-x_1.10.4-1+deb9u1_amd64.deb
a4bdf52ea5547fb747cc958099f0702f340fa5d9 1645522
libgstreamer-plugins-base1.0-0_1.10.4-1+deb9u1_amd64.deb
3d1eb6ef090f3e1da263a458b07d51b0767f37fd 1198110
libgstreamer-plugins-base1.0-dev_1.10.4-1+deb9u1_amd64.deb
Checksums-Sha256:
90b434da8135e2cb4275e0095c383de2e01f1263e79d61708a200142a9876ed9 3809
gst-plugins-base1.0_1.10.4-1+deb9u1.dsc
f6d245b6b3d4cb733f81ebb021074c525ece83db0c10e932794b339b8d935eb7 3059368
gst-plugins-base1.0_1.10.4.orig.tar.xz
43951ef55643a21a5ff99e9ff5e3829f70839659769e772de069761f0e7a21a3 41944
gst-plugins-base1.0_1.10.4-1+deb9u1.debian.tar.xz
ed11c4ecdd2cf4f787919ebbb95224477fa5a8c857a434f553cbc38a1eb01dbb 1019670
gir1.2-gst-plugins-base-1.0_1.10.4-1+deb9u1_amd64.deb
655d1af0755b71eb1f47c132f5d3563dd6ad815a2de96c0780b933b9b18b8a12 17661
gst-plugins-base1.0_1.10.4-1+deb9u1_amd64.buildinfo
b75a1ef988cd07436db0afb7074d3a4d6f6236c7faf43298c2300c324d43608e 987560
gstreamer1.0-alsa_1.10.4-1+deb9u1_amd64.deb
ef4307b6fb7257c3276e2d7041fa9db0c2eabaf2ee8f0a15050d3a8ce8b01aee 984036
gstreamer1.0-plugins-base-apps_1.10.4-1+deb9u1_amd64.deb
335e741f0913ef69e84472298d82a603fa423124001f16faeb46899e749e5212 5251948
gstreamer1.0-plugins-base-dbg_1.10.4-1+deb9u1_amd64.deb
afd2df7ec10f5151f517f4e216d9f66e7a05e370c9a2a3b4825834601c4d2e16 1318470
gstreamer1.0-plugins-base-doc_1.10.4-1+deb9u1_all.deb
70cdfb0ee8ccba2010d994dc4a450416cc83703c76499cb0a527553f2d6ded2c 1497298
gstreamer1.0-plugins-base_1.10.4-1+deb9u1_amd64.deb
9a24e4010d6a7d73bc64793d6491e31cb7f92d8faeb6c704eec84da0884f15ff 1025050
gstreamer1.0-x_1.10.4-1+deb9u1_amd64.deb
de930112262d4cdd748411e41d213503d9f03edc11eea41b006deb30b5cf4d25 1645522
libgstreamer-plugins-base1.0-0_1.10.4-1+deb9u1_amd64.deb
79fe5150efe42e111132e035552de231f9ecfbe84c0497cd64f870b3917a2270 1198110
libgstreamer-plugins-base1.0-dev_1.10.4-1+deb9u1_amd64.deb
Files:
c0a6d078503a9a3830d355097c3440fa 3809 libs optional
gst-plugins-base1.0_1.10.4-1+deb9u1.dsc
f6b46f8fac01eb773d556e3efc369e86 3059368 libs optional
gst-plugins-base1.0_1.10.4.orig.tar.xz
58daee005440e9ea191100d5d2853d9f 41944 libs optional
gst-plugins-base1.0_1.10.4-1+deb9u1.debian.tar.xz
407b11f6377f04f573c9a3cfc7cf619e 1019670 introspection optional
gir1.2-gst-plugins-base-1.0_1.10.4-1+deb9u1_amd64.deb
4a4200dc5390c3cd9775642476f9de6b 17661 libs optional
gst-plugins-base1.0_1.10.4-1+deb9u1_amd64.buildinfo
f3e74ca2c2904b47328012ff097ca73d 987560 libs optional
gstreamer1.0-alsa_1.10.4-1+deb9u1_amd64.deb
20236a5ae8e2eb1eccd3042a8a7d6d40 984036 utils optional
gstreamer1.0-plugins-base-apps_1.10.4-1+deb9u1_amd64.deb
b1cd71204096f64062c4add5c4456c9d 5251948 debug extra
gstreamer1.0-plugins-base-dbg_1.10.4-1+deb9u1_amd64.deb
1d0a45d5d03d30cda805457378f16c2b 1318470 doc optional
gstreamer1.0-plugins-base-doc_1.10.4-1+deb9u1_all.deb
b4b83849a61c675fb35fb93af20cfcf1 1497298 libs optional
gstreamer1.0-plugins-base_1.10.4-1+deb9u1_amd64.deb
21949f1c05b7fb4d7155558108fd3d7b 1025050 libs optional
gstreamer1.0-x_1.10.4-1+deb9u1_amd64.deb
a8bb4a4e63f268e6e84484105a09aa2b 1645522 libs optional
libgstreamer-plugins-base1.0-0_1.10.4-1+deb9u1_amd64.deb
f8a95d2a2a0b58ea094b8274f45d8642 1198110 libdevel optional
libgstreamer-plugins-base1.0-dev_1.10.4-1+deb9u1_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQIyBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlzHCZkACgkQEMKTtsN8
TjZh/A/3QuWETdUUDXNfeLpQbnec4jyhkD0gdh5IUZ/AbPYge8Cuzq/fi6t/KEZY
dyAkip257msayupL7vk58PNHAQFB18vAV0aVwkiBIC9noh6Y81aTQXdfzFwsqXjK
Jjb82GADIYtuYC1UCXAvHdc3T1SAWwVK3E9pvmPybYIgGQxEi20Ndl9lXADaNTzN
ApL3aA4lNZcqw9YRzYlO+2F/5cBCkLhRDw0bAm8neqBAsoD29A0cm2ziOIeEeiGX
c8MEL9vyZEP8ZP8MlH85dq73XwAzUUA2KYM0GtIWr5bR6gFkAHF+HFKSd7N/uGdD
3Jwt22+uQXDkbTcjMeTFU1+m9ZsYR/QVl+Ycp6EJj0zSnX3vndyZ13agXLWYHAh0
Udo4Xdk996CswgFHHFQGBl/WVE3DeUFMVDI0lhbA1p0HzS2XLd/R5xggbNoMcNzp
amZZ4VLsfBfcOfmFSbVDVbirLesuxKm/NPR3zoUCVkO/m2U9xApL0KfvnQ2QxxTx
nRqC/AHM1AgMlPRY/eePRYD2mw1rx6gkt5/mCRTdp3maVWzRQKul/PDEmQ0PTLmM
ixRlZeNNNvRPa4wksrpef6g6gX9SgEOQJhFHdeKnZ9hV7ZGWwb04y/6bYGV+cHLC
z9ZHjvzwhXP9qXhcd1KYUazmB3P1rbNc4mWWvLFI7/WDdlh1OA==
=bLZW
-----END PGP SIGNATURE-----
--- End Message ---
