Overview

File _patchinfo of Package patchinfo.20668

<patchinfo incident="20668">
  <issue tracker="bnc" id="1184739">VUL-0: CVE-2021-3497: gstreamer-plugins-good: Use-after-free in matroska demuxing</issue>
  <issue tracker="bnc" id="1201688">VUL-0: CVE-2022-1920: gstreamer-0_10-plugins-good,gstreamer-plugins-good: Heap overwrite in matroska element</issue>
  <issue tracker="bnc" id="1201693">VUL-0: CVE-2022-1921: gstreamer-0_10-plugins-good,gstreamer-plugins-good: Heap overwrite in avidemux element</issue>
  <issue tracker="bnc" id="1201702">VUL-0: CVE-2022-1922: gstreamer-0_10-plugins-good,gstreamer-plugins-good: DOS / potential heap overwrite in mkv demuxing</issue>
  <issue tracker="bnc" id="1201704">VUL-0: CVE-2022-1923: gstreamer-0_10,gstreamer: DOS / potential heap overwrite in mkv demuxing using bzip</issue>
  <issue tracker="bnc" id="1201706">VUL-0: CVE-2022-1924: gstreamer,gstreamer-0_10: DOS / potential heap overwrite in mkv demuxing using lzo</issue>
  <issue tracker="bnc" id="1201707">VUL-0: CVE-2022-1925: gstreamer-0_10,gstreamer: DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP</issue>
  <issue tracker="bnc" id="1201708">VUL-0: CVE-2022-2122: gstreamer,gstreamer-0_10: DOS / potential heap overwrite in qtdemux using zlib</issue>
  <issue tracker="bnc" id="1213128">VUL-0: CVE-2023-37327: gstreamer-plugins-good,gstreamer-plugins-base,gstreamer-0_10-plugins-good: GStreamer FLAC File Parsing Integer Overflow Remote Code Execution Vulnerability</issue>
  <issue tracker="cve" id="2021-3497"/>
  <issue tracker="cve" id="2022-1920"/>
  <issue tracker="cve" id="2022-1921"/>
  <issue tracker="cve" id="2022-1922"/>
  <issue tracker="cve" id="2022-1923"/>
  <issue tracker="cve" id="2022-1924"/>
  <issue tracker="cve" id="2022-1925"/>
  <issue tracker="cve" id="2022-2122"/>
  <issue tracker="cve" id="2023-37327"/>
  <packager>mgorse</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for gstreamer-plugins-good</summary>
  <description>This update for gstreamer-plugins-good fixes the following issues:

- CVE-2021-3497: Matroskademux: Fix extraction of multichannel WavPack (bsc#1184739).
- CVE-2022-1920: Fixed integer overflow in WavPack header handling code (bsc#1201688).
- CVE-2022-1921: Fixed integer overflow resulting in heap corruption in avidemux element (bsc#1201693).
- CVE-2022-1922: Fixed integer overflows in mkv demuxing (bsc#1201702).
- CVE-2022-1923: Fixed integer overflows in mkv demuxing using bzip (bsc#1201704).
- CVE-2022-1924: Fixed integer overflows in mkv demuxing using lzo (bsc#1201706).
- CVE-2022-1925: Fixed integer overflows in mkv demuxing using HEADERSTRIP (bsc#1201707).
- CVE-2022-2122: Fixed integer overflows in qtdemux using zlib (bsc#1201708).
- CVE-2023-37327: Fixed GStreamer FLAC File Parsing Integer Overflow (bsc#1213128).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places