Your message dated Sat, 06 Sep 2025 12:14:50 +0100
with message-id
<ee4c0876608d99eb3f8b333b556fbd92e7a652eb.ca...@adam-barratt.org.uk>
and subject line Closing p-u requests for fixes included in 12.12
has caused the Debian Bug report #1111959,
regarding bookworm-pu: package gst-plugins-base1.0/1.22.0-3+deb12u5
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1111959: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111959
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: [email protected], [email protected]
Control: affects -1 + src:gst-plugins-base1.0
User: [email protected]
Usertags: pu
Fixes three low-impact security issues. Tested with a few test
files, and autopkgtests as run via debusine also worked fine.
Debdiff below.
Cheers,
Moritz
diff -Nru gst-plugins-base1.0-1.22.0/debian/changelog
gst-plugins-base1.0-1.22.0/debian/changelog
--- gst-plugins-base1.0-1.22.0/debian/changelog 2024-12-30 10:02:08.000000000
+0100
+++ gst-plugins-base1.0-1.22.0/debian/changelog 2025-08-21 19:47:14.000000000
+0200
@@ -1,3 +1,11 @@
+gst-plugins-base1.0 (1.22.0-3+deb12u5) bookworm; urgency=medium
+
+ * CVE-2025-47806
+ * CVE-2025-47807
+ * CVE-2025-47808
+
+ -- Moritz Mühlenhoff <[email protected]> Thu, 21 Aug 2025 19:47:14 +0200
+
gst-plugins-base1.0 (1.22.0-3+deb12u4) bookworm; urgency=medium
* Non-maintainer upload.
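Review bot: The new 1.22.0-3+deb12u5 stanza lists only the three CVE identifiers, with no indication of which component each one touches or what the fix does. A short description per entry (the patch subjects further down show two fixes in subparse's SubRip handling and one in the tmplayer parser) would let release reviewers match changelog entries to patches without opening each file.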
diff -Nru gst-plugins-base1.0-1.22.0/debian/patches/CVE-2025-47806.patch
gst-plugins-base1.0-1.22.0/debian/patches/CVE-2025-47806.patch
--- gst-plugins-base1.0-1.22.0/debian/patches/CVE-2025-47806.patch
1970-01-01 01:00:00.000000000 +0100
+++ gst-plugins-base1.0-1.22.0/debian/patches/CVE-2025-47806.patch
2025-08-21 10:40:42.000000000 +0200
@@ -0,0 +1,38 @@
+From da4380c4df0e00f8d0bad569927bfc7ea35ec37d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <[email protected]>
+Date: Thu, 8 May 2025 12:46:40 +0300
+Subject: [PATCH] subparse: Make sure that subrip time string is not too long
+ before zero-padding
+
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/4419
+Fixes CVE-2025-47806
+
+Part-of:
<https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/9135>
+
+--- gst-plugins-base1.0-1.22.0.orig/gst/subparse/gstsubparse.c
++++ gst-plugins-base1.0-1.22.0/gst/subparse/gstsubparse.c
+@@ -850,7 +850,7 @@ parse_subrip_time (const gchar * ts_stri
+ g_strdelimit (s, " ", '0');
+ g_strdelimit (s, ".", ',');
+
+- /* make sure we have exactly three digits after he comma */
++ /* make sure we have exactly three digits after the comma */
+ p = strchr (s, ',');
+ if (p == NULL) {
+ /* If there isn't a ',' the timestamp is broken */
+@@ -858,6 +858,15 @@ parse_subrip_time (const gchar * ts_stri
+ GST_WARNING ("failed to parse subrip timestamp string '%s'", s);
+ return FALSE;
+ }
++
++ /* Check if the comma is too far into the string to avoid
++ * stack overflow when zero-padding the sub-second part.
++ *
++ * Allow for 3 digits of hours just in case. */
++ if ((p - s) > sizeof ("hhh:mm:ss,")) {
++ GST_WARNING ("failed to parse subrip timestamp string '%s'", s);
++ return FALSE;
++ }
+
+ ++p;
+ len = strlen (p);
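Review bot: The bound in the added check, `(p - s) > sizeof ("hhh:mm:ss,")`, is looser than its comment suggests. `sizeof` on the literal counts the terminating NUL and so evaluates to 11, while the comma in "hhh:mm:ss," sits at offset 9, which means offsets 10 and 11 are still accepted. If the slack is intentional, the comment should say so and state why the zero-padding that follows stays within the buffer at the largest accepted offset; otherwise compare against the exact offset. The comparison also mixes a signed pointer difference with an unsigned `sizeof`; that is harmless here because `p` comes from `strchr (s, ',')` and cannot precede `s`, but an explicit cast would silence sign-compare warnings. Finally, the new branch reuses the same GST_WARNING text as the missing-comma branch just above it, so the two rejections cannot be told apart in logs.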
diff -Nru gst-plugins-base1.0-1.22.0/debian/patches/CVE-2025-47807.patch
gst-plugins-base1.0-1.22.0/debian/patches/CVE-2025-47807.patch
--- gst-plugins-base1.0-1.22.0/debian/patches/CVE-2025-47807.patch
1970-01-01 01:00:00.000000000 +0100
+++ gst-plugins-base1.0-1.22.0/debian/patches/CVE-2025-47807.patch
2025-08-21 10:41:16.000000000 +0200
@@ -0,0 +1,37 @@
+From 0711a31221a27c076dde3b9716cbcabf85088fa5 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <[email protected]>
+Date: Thu, 8 May 2025 09:14:15 +0300
+Subject: [PATCH] subparse: Check for valid UTF-8 before cleaning up lines and
+ check for regex replace errors
+
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/4418
+Fixes CVE-2025-47807
+
+Part-of:
<https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/9135>
+
+--- gst-plugins-base1.0-1.22.0.orig/gst/subparse/gstsubparse.c
++++ gst-plugins-base1.0-1.22.0/gst/subparse/gstsubparse.c
+@@ -666,6 +666,12 @@ subrip_unescape_formatting (gchar * txt,
+ res = g_regex_replace (tag_regex, txt, strlen (txt), 0,
+ replace_pattern, 0, NULL);
+
++ /* Replacing can fail. Return an empty string in that case. */
++ if (!res) {
++ strcpy (txt, "");
++ return;
++ }
++
+ /* res will always be shorter than the input or identical, so this
+ * copy is OK */
+ strcpy (txt, res);
+@@ -1046,6 +1052,10 @@ parse_subrip (ParserState * state, const
+ g_string_append_c (state->buf, '\n');
+ g_string_append (state->buf, line);
+ if (strlen (line) == 0) {
++ if (!g_utf8_validate (state->buf->str, state->buf->len, NULL)) {
++ g_string_truncate (state->buf, 0);
++ return NULL;
++ }
+ ret = g_markup_escape_text (state->buf->str, state->buf->len);
+ g_string_truncate (state->buf, 0);
+ state->state = 0;
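Review bot: In the parse_subrip hunk, the new invalid-UTF-8 branch truncates `state->buf` and returns NULL without touching `state->state`, whereas the normal path immediately below sets `state->state = 0` after truncating. It is worth confirming that leaving the state machine where it was is intended, since the next line would otherwise be interpreted as a continuation of the discarded cue; if not, reset it before the early return. That branch also drops the cue silently, while other rejection paths in this file emit a GST_WARNING, so a log line would help when diagnosing missing subtitles. In the subrip_unescape_formatting hunk, passing NULL for the GError argument of `g_regex_replace` discards the reason for the failure the new `!res` check handles; capturing and logging it would be cheap.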
diff -Nru gst-plugins-base1.0-1.22.0/debian/patches/CVE-2025-47808.patch
gst-plugins-base1.0-1.22.0/debian/patches/CVE-2025-47808.patch
--- gst-plugins-base1.0-1.22.0/debian/patches/CVE-2025-47808.patch
1970-01-01 01:00:00.000000000 +0100
+++ gst-plugins-base1.0-1.22.0/debian/patches/CVE-2025-47808.patch
2025-08-21 10:41:48.000000000 +0200
@@ -0,0 +1,24 @@
+From 9b810e83d0f4135cf5a066da8b9430cf6e375d29 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <[email protected]>
+Date: Thu, 8 May 2025 09:04:52 +0300
+Subject: [PATCH] tmplayer: Don't append NULL + 1 to the string buffer when
+ parsing lines without text
+
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/4417
+Fixes CVE-2025-47808
+
+Part-of:
<https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/9135>
+
+--- gst-plugins-base1.0-1.22.0.orig/gst/subparse/tmplayerparse.c
++++ gst-plugins-base1.0-1.22.0/gst/subparse/tmplayerparse.c
+@@ -125,7 +125,9 @@ tmplayer_parse_line (ParserState * state
+ * durations from the start times anyway, so as long as the parser just
+ * forwards state->start_time by duration after it pushes the line we
+ * are about to return it will all be good. */
+- g_string_append (state->buf, text_start + 1);
++ if (text_start) {
++ g_string_append (state->buf, text_start + 1);
++ }
+ } else if (line_num > 0) {
+ GST_WARNING ("end of subtitle unit but no valid start time?!");
+ }
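Review bot: The new `if (text_start)` guard in tmplayer_parse_line skips the append silently, and the long comment above it does not mention that `text_start` can be NULL. A one-line comment stating when a line carries no text, plus a GST_DEBUG in the skipped case, would make the guard self-explanatory and keep the behaviour visible in logs, in line with the GST_WARNING already emitted by the `else if (line_num > 0)` branch.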
diff -Nru gst-plugins-base1.0-1.22.0/debian/patches/series
gst-plugins-base1.0-1.22.0/debian/patches/series
--- gst-plugins-base1.0-1.22.0/debian/patches/series 2024-12-30
10:00:27.000000000 +0100
+++ gst-plugins-base1.0-1.22.0/debian/patches/series 2025-08-21
10:41:35.000000000 +0200
@@ -7,3 +7,6 @@
CVE-2024-47615.patch
CVE-2024-47835.patch
id3v2-Don-t-try-parsing-extended-header-if-not-enoug.patch
+CVE-2025-47806.patch
+CVE-2025-47807.patch
+CVE-2025-47808.patch
--- End Message ---
--- Begin Message ---
Package: release.debian.org
Version: 12.12
Hi,
Each of the updates referenced by these requests was included in
today's 12.12 point release for bookworm.
Regards,
Adam
--- End Message ---