From 40c3696131a2b93ea3da2556352dc79c19ac2e9c Mon Sep 17 00:00:00 2001 From: Peter Korsgaard Date: Fri, 6 Oct 2023 21:10:40 +0200 Subject: [PATCH] package/gst1-plugins-good: security bump to version 1.22.6 Fixes CVE-2023-37327: Heap-based buffer overflow in the FLAC parser when handling malformed image tags in GStreamer versions before 1.22.4 / 1.20.7. https://gstreamer.freedesktop.org/security/sa-2023-0001.html Signed-off-by: Peter Korsgaard --- package/gstreamer1/gst1-plugins-good/gst1-plugins-good.hash | 4 ++-- package/gstreamer1/gst1-plugins-good/gst1-plugins-good.mk | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/package/gstreamer1/gst1-plugins-good/gst1-plugins-good.hash b/package/gstreamer1/gst1-plugins-good/gst1-plugins-good.hash index 604e74b57d..1b315ac1cc 100644 --- a/package/gstreamer1/gst1-plugins-good/gst1-plugins-good.hash +++ b/package/gstreamer1/gst1-plugins-good/gst1-plugins-good.hash @@ -1,3 +1,3 @@ -# From https://gstreamer.freedesktop.org/src/gst-plugins-good/gst-plugins-good-1.22.2.tar.xz.sha256sum -sha256 7c8cc59425f2b232f60ca7d13e56edd615da4f711e73dd01a7cffa46e6bc0cdd gst-plugins-good-1.22.2.tar.xz +# From https://gstreamer.freedesktop.org/src/gst-plugins-good/gst-plugins-good-1.22.6.tar.xz.sha256sum +sha256 b3b07fe3f1ce7fe93aa9be7217866044548f35c4a7792280eec7e108a32f9817 gst-plugins-good-1.22.6.tar.xz sha256 6095e9ffa777dd22839f7801aa845b31c9ed07f3d6bf8a26dc5d2dec8ccc0ef3 COPYING diff --git a/package/gstreamer1/gst1-plugins-good/gst1-plugins-good.mk b/package/gstreamer1/gst1-plugins-good/gst1-plugins-good.mk index 41f4c727f3..4c6188c097 100644 --- a/package/gstreamer1/gst1-plugins-good/gst1-plugins-good.mk +++ b/package/gstreamer1/gst1-plugins-good/gst1-plugins-good.mk @@ -4,7 +4,7 @@ # ################################################################################ -GST1_PLUGINS_GOOD_VERSION = 1.22.2 +GST1_PLUGINS_GOOD_VERSION = 1.22.6 GST1_PLUGINS_GOOD_SOURCE = gst-plugins-good-$(GST1_PLUGINS_GOOD_VERSION).tar.xz GST1_PLUGINS_GOOD_SITE = https://gstreamer.freedesktop.org/src/gst-plugins-good GST1_PLUGINS_GOOD_LICENSE_FILES = COPYING