From 14e2374592284ba61384782ced095ea01ab4dfc5 Mon Sep 17 00:00:00 2001 From: Peter Korsgaard Date: Fri, 6 Oct 2023 21:10:39 +0200 Subject: [PATCH] package/gst1-plugins-base: security bump to version 1.22.6 Fixes CVE-2023-37328: Heap-based buffer overflow in the subparse subtitle parser when handling certain SRT subtitle files in GStreamer versions before 1.22.4 / 1.20.7. https://gstreamer.freedesktop.org/security/sa-2023-0002.html Signed-off-by: Peter Korsgaard --- package/gstreamer1/gst1-plugins-base/gst1-plugins-base.hash | 4 ++-- package/gstreamer1/gst1-plugins-base/gst1-plugins-base.mk | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/package/gstreamer1/gst1-plugins-base/gst1-plugins-base.hash b/package/gstreamer1/gst1-plugins-base/gst1-plugins-base.hash index 173f359afc..a46ce228c4 100644 --- a/package/gstreamer1/gst1-plugins-base/gst1-plugins-base.hash +++ b/package/gstreamer1/gst1-plugins-base/gst1-plugins-base.hash @@ -1,3 +1,3 @@ -# From https://gstreamer.freedesktop.org/src/gst-plugins-base/gst-plugins-base-1.22.2.tar.xz.sha256sum -sha256 eb65120c4ee79b7a153c3c1972d5c0158c2151877cc51ec7725bba5749679d49 gst-plugins-base-1.22.2.tar.xz +# From https://gstreamer.freedesktop.org/src/gst-plugins-base/gst-plugins-base-1.22.6.tar.xz.sha256sum +sha256 50f2b4d17c02eefe430bbefa8c5cd134b1be78a53c0f60e951136d96cf49fd4b gst-plugins-base-1.22.6.tar.xz sha256 ad2eec519ebd4b5df86ea84dff24ae3bfa2edea846a703b58902dd221ae375db COPYING diff --git a/package/gstreamer1/gst1-plugins-base/gst1-plugins-base.mk b/package/gstreamer1/gst1-plugins-base/gst1-plugins-base.mk index 153187f743..7fcac012f2 100644 --- a/package/gstreamer1/gst1-plugins-base/gst1-plugins-base.mk +++ b/package/gstreamer1/gst1-plugins-base/gst1-plugins-base.mk @@ -4,7 +4,7 @@ # ################################################################################ -GST1_PLUGINS_BASE_VERSION = 1.22.2 +GST1_PLUGINS_BASE_VERSION = 1.22.6 GST1_PLUGINS_BASE_SOURCE = gst-plugins-base-$(GST1_PLUGINS_BASE_VERSION).tar.xz GST1_PLUGINS_BASE_SITE = https://gstreamer.freedesktop.org/src/gst-plugins-base GST1_PLUGINS_BASE_INSTALL_STAGING = YES