Overview

File _patchinfo of Package patchinfo.25484

<patchinfo incident="25484">
  <issue tracker="bnc" id="1201688">VUL-0: CVE-2022-1920: gstreamer-0_10-plugins-good,gstreamer-plugins-good: Heap overwrite in matroska element</issue>
  <issue tracker="bnc" id="1201693">VUL-0: CVE-2022-1921: gstreamer-0_10-plugins-good,gstreamer-plugins-good: Heap overwrite in avidemux element</issue>
  <issue tracker="bnc" id="1201702">VUL-0: CVE-2022-1922: gstreamer-0_10-plugins-good,gstreamer-plugins-good: DOS / potential heap overwrite in mkv demuxing</issue>
  <issue tracker="bnc" id="1201704">VUL-0: CVE-2022-1923: gstreamer-0_10,gstreamer: DOS / potential heap overwrite in mkv demuxing using bzip</issue>
  <issue tracker="bnc" id="1201706">VUL-0: CVE-2022-1924: gstreamer,gstreamer-0_10: DOS / potential heap overwrite in mkv demuxing using lzo</issue>
  <issue tracker="bnc" id="1201707">VUL-0: CVE-2022-1925: gstreamer-0_10,gstreamer: DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP</issue>
  <issue tracker="bnc" id="1201708">VUL-0: CVE-2022-2122: gstreamer,gstreamer-0_10: DOS / potential heap overwrite in qtdemux using zlib</issue>
  <issue tracker="cve" id="2022-1920"/>
  <issue tracker="cve" id="2022-1921"/>
  <issue tracker="cve" id="2022-1922"/>
  <issue tracker="cve" id="2022-1923"/>
  <issue tracker="cve" id="2022-1924"/>
  <issue tracker="cve" id="2022-1925"/>
  <issue tracker="cve" id="2022-2122"/>
  <packager>mgorse</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for gstreamer-plugins-good</summary>
  <description>This update for gstreamer-plugins-good fixes the following issues:

- CVE-2022-1920: Fixed integer overflow in WavPack header handling code (bsc#1201688).
- CVE-2022-1921: Fixed integer overflow resulting in heap corruption in avidemux element (bsc#1201693).
- CVE-2022-1922: Fixed integer overflows in mkv demuxing (bsc#1201702).
- CVE-2022-1923: Fixed integer overflows in mkv demuxing using bzip (bsc#1201704).
- CVE-2022-1924: Fixed integer overflows in mkv demuxing using lzo (bsc#1201706).
- CVE-2022-1925: Fixed integer overflows in mkv demuxing using HEADERSTRIP (bsc#1201707).
- CVE-2022-2122: Fixed integer overflows in qtdemux using zlib (bsc#1201708).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places