Your message dated Thu, 30 May 2019 11:19:26 +0000
with message-id <e1hwj5i-0007ph...@fasolo.debian.org>
and subject line Bug#927978: fixed in gst-plugins-base1.0 1.14.4-2
has caused the Debian Bug report #927978,
regarding gst-plugins-base1.0: CVE-2019-9928: Buffer overflow in RTSP parsing
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
927978: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927978
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: gst-plugins-base1.0
Version: 1.14.4-1
Severity: grave
Tags: security upstream
Forwarded: https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/merge_requests/157
Hi,
The following vulnerability was published for gst-plugins-base1.0.
CVE-2019-9928[0]:
| GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP
| connection parser via a crafted response from a server, potentially
| allowing remote code execution.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2019-9928
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9928
[1] https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/merge_requests/157
[2] https://gstreamer.freedesktop.org/security/sa-2019-0001.html
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: gst-plugins-base1.0
Source-Version: 1.14.4-2
We believe that the bug you reported is fixed in the latest version of
gst-plugins-base1.0, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 927...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sebastian Dröge <sl...@debian.org> (supplier of updated gst-plugins-base1.0 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 30 May 2019 11:27:53 +0300
Source: gst-plugins-base1.0
Binary: gir1.2-gst-plugins-base-1.0 gstreamer1.0-alsa gstreamer1.0-gl
 gstreamer1.0-plugins-base gstreamer1.0-plugins-base-apps
 gstreamer1.0-plugins-base-dbg gstreamer1.0-plugins-base-doc gstreamer1.0-x
 libgstreamer-gl1.0-0 libgstreamer-plugins-base1.0-0
 libgstreamer-plugins-base1.0-dev
Architecture: source amd64 all
Version: 1.14.4-2
Distribution: unstable
Urgency: high
Maintainer: Maintainers of GStreamer packages <gst-plugins-base...@packages.debian.org>
Changed-By: Sebastian Dröge <sl...@debian.org>
Description:
 gir1.2-gst-plugins-base-1.0 - GObject introspection data for the GStreamer Plugins Base library
 gstreamer1.0-alsa - GStreamer plugin for ALSA
 gstreamer1.0-gl - GStreamer plugins for GL
 gstreamer1.0-plugins-base - GStreamer plugins from the "base" set
 gstreamer1.0-plugins-base-apps - GStreamer helper programs from the "base" set
 gstreamer1.0-plugins-base-dbg - GStreamer plugins from the "base" set
 gstreamer1.0-plugins-base-doc - GStreamer documentation for plugins from the "base" set
 gstreamer1.0-x - GStreamer plugins for X11 and Pango
 libgstreamer-gl1.0-0 - GStreamer GL libraries
 libgstreamer-plugins-base1.0-0 - GStreamer libraries from the "base" set
 libgstreamer-plugins-base1.0-dev - GStreamer development files for libraries from the "base" set
Closes: 927978
Changes:
 gst-plugins-base1.0 (1.14.4-2) unstable; urgency=high
 .
   * debian/patches/0001-gstrtspconnection-Security-loophole-making-heap-over.patch:
     + Add upstream patch for CVE-2019-9928 (Closes: #927978).
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---