-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : gst-plugins-base1.0 Version : 1.4.4-2+deb8u2 CVE ID : CVE-2019-9928
The RTSP connection parser in the base GStreamer packages version 1.0, which is a streaming media framework, was vulnerable against an heap-based buffer overflow by sending a longer than allowed session id in a response and including a semicolon to change the maximum length. This could result in a remote code execution. For Debian 8 "Jessie", this problem has been fixed in version 1.4.4-2+deb8u2. We recommend that you upgrade your gst-plugins-base1.0 packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAlzGFaNfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7 WEeCdw/+Nx+aCt5sRYHs8y2SfIoynZswiZ/ZXyvZNv1N3z8EB4jomBKfigSgadhF cf8ATfs3TYBb46tpimJMOfDUlyyKHjQwkxz50uElT5ghDLMdPH7y+vft38K+JbBG z5F8KyAk16a/JDv/8sacHOEegsPeOsgjkbwzW9eyZPk+DVQ07ZyR+r8kNEZ//3jZ kIDZ3qCEhR5wiuxfbIULJfn/6btZOmkAZU/Lxp0KJyaU3YVXspWeCTFtLKc0J8Rs MATNdm3wobxMYciuoCIYjo9qGIJfj/C2IES63pcc4VvkYCS2n7jB1dJTwG5jdYE2 72UCleSFc4JTHSDFMxCAvTzUADKAZZJo8LqOWSXZA+Kw4WTg83e+yqTTauvwPIQP 3V8+pyE6gboaSOe3rz6tT8pyn23fHFX/uowAYBESQ+jwAhiuwbT9eecK4OvKERGy Mn6bk8usS6ms4FUdrQodCsW5/43yezLQyh5e6n84VsfC/YyacALZSd3Qp7d2E3Gj JHRRjH4efrWGZE/fn7oqhw5SO2Lxuuyz9KNQA/UNWhw332hBg+/i1hi8HTKAePWa K69o7S2dBQmtmdJZ0C2jPDni9xy434NKPM1nSX1XICXuWEqUF3CmcVxGR7GcFe5t P9LBtO0sLKjbapoYEU7iQV8U2WXjP6gK5qKnUWccTtjXJV5amA4= =pcwS -----END PGP SIGNATURE-----
