gst-plugins-bad1.0 (1.20.3-0ubuntu1.1) jammy-security; urgency=medium
* SECURITY UPDATE: heap overwrite in PGS subtitle overlay decoder
- debian/patches/CVE-2023-37329-1.patch: make sure enough data is
allocated for the available data in gst/dvdspu/gstspu-pgs.c.
- debian/patches/CVE-2023-37329-2.patch: avoid integer overflow when
checking if enough data is available in gst/dvdspu/gstspu-pgs.c.
- CVE-2023-37329
* SECURITY UPDATE: integer overflow in MXF file handling
- debian/patches/CVE-2023-40474.patch: fix integer overflow causing out
of bounds writes when handling invalid uncompressed video in
gst/mxf/mxfup.c.
- CVE-2023-40474
* SECURITY UPDATE: integer overflow in MXF file handling
- debian/patches/CVE-2023-40475.patch: check number of channels for
AES3 audio in gst/mxf/mxfd10.c.
- CVE-2023-40475
* SECURITY UPDATE: integer overflow in H.265 video parser
- debian/patches/CVE-2023-40476.patch: fix possible overflow using
max_sub_layers_minus1 in gst-libs/gst/codecparsers/gsth265parser.c.
- CVE-2023-40476
* SECURITY UPDATE: AV1 codec parser buffer overflow
- debian/patches/CVE-2023-44429.patch: clip max tile rows and cols
values in gst-libs/gst/codecparsers/gstav1parser.c.
- CVE-2023-44429
* SECURITY UPDATE: MXF demuxer use-after-free
- debian/patches/CVE-2023-44446.patch: store GstMXFDemuxEssenceTrack in
their own fixed allocation in gst/mxf/mxfdemux.*.
- CVE-2023-44446
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 28 Nov 2023 11:40:39 -0500
gst-plugins-bad1.0 (1.20.3-0ubuntu1) jammy; urgency=medium
* New upstream release (LP: #1980239)
-- Jeremy Bicha <jbicha@ubuntu.com> Wed, 29 Jun 2022 09:50:26 -0400
gst-plugins-bad1.0 (1.20.1-1ubuntu2) jammy; urgency=medium
* debian/gstreamer1.0-plugins-bad.install: Fix i386 build
-- Jeremy Bicha <jeremy.bicha@canonical.com> Tue, 15 Mar 2022 13:10:14 -0400
gst-plugins-bad1.0 (1.20.1-1ubuntu1) jammy; urgency=medium
* Merge from Debian unstable. Remaining changes:
- Stop installing camerabin2 basecamerabin jpegformat - plugins which have
moved to -good.
- Have gstreamer-plugins-bad-1.0.pc Require gstreamer-plugins-good-1.0 -
the package we've moved the referenced plugins to. This maintains
compatibility with upstream software and other distributions.
- Don't build the opencv binary packages on i386, avoiding a large tree
of numeric-related dependencies for a binary package it's not required
to support.
* d/rules, d/gstreamer1.0-plugins-bad.install:
- Don't require these Build-Depends on i386:
+ libltc-dev, libfreeaptx-dev, libopenh264-dev, libqrencode-dev,
libwpewebkit-1.0-dev, libzxingcore-dev
-- Jeremy Bicha <jeremy.bicha@canonical.com> Tue, 15 Mar 2022 11:53:37 -0400
gst-plugins-bad1.0 (1.20.1-1) unstable; urgency=medium
* debian/control,
debian/gstreamer1.0-plugins-bad.install:
+ Ship openh264 plugin (Closes: #1005226).
* New upstream bugfix release.
-- Sebastian Dröge <slomo@debian.org> Mon, 14 Mar 2022 17:03:33 +0200
gst-plugins-bad1.0 (1.20.0-4) unstable; urgency=medium
[ Laurent Bigonville ]
* debian/control,
debian/patches/03-openaptx-Support-libfreeaptx.patch:
+ Use libfreeaptx instead of libopenaptx.
-- Sebastian Dröge <slomo@debian.org> Wed, 16 Feb 2022 09:13:55 +0200
gst-plugins-bad1.0 (1.20.0-3) unstable; urgency=medium
[ Laurent Bigonville ]
* Do not build ldac plugin on big-endian architectures
libldac is not building on these, see #980372.
[ Sebastian Dröge ]
* Upload to unstable.
-- Sebastian Dröge <slomo@debian.org> Thu, 10 Feb 2022 15:32:48 +0200
gst-plugins-bad1.0 (1.20.0-2ubuntu2) jammy; urgency=medium
* d/rules, d/gstreamer1.0-plugins-bad.install, d/rules:
- Don't require these Build-Depends on i386:
+ libltc-dev, libopenaptx-dev, libqrencode-dev, libzxingcore-dev
-- Jeremy Bicha <jeremy.bicha@canonical.com> Mon, 07 Feb 2022 09:36:38 -0500
gst-plugins-bad1.0 (1.20.0-2ubuntu1) jammy; urgency=medium
[ Jeremy Bicha ]
* Merge from Debian unstable. Remaining changes:
- Stop installing camerabin2 basecamerabin jpegformat - plugins which have
moved to -good.
- Have gstreamer-plugins-bad-1.0.pc Require gstreamer-plugins-good-1.0 -
the package we've moved the referenced plugins to. This maintains
compatibility with upstream software and other distributions.
- Don't build the opencv binary packages on i386, avoiding a large tree
of numeric-related dependencies for a binary package it's not required
to support.
[ Laurent Bigonville ]
* Do not build ldac plugin on big-endian architectures
-- Jeremy Bicha <jeremy.bicha@canonical.com> Fri, 04 Feb 2022 16:40:20 -0500
gst-plugins-bad1.0 (1.20.0-2) unstable; urgency=medium
* debian/control:
+ Let gstreamer1.0-plugins-bad depend on gstreamer1.0-plugins-good as some
plugins in the former require plugins from the latter.
-- Sebastian Dröge <slomo@debian.org> Fri, 04 Feb 2022 10:27:30 +0200
# For older changelog entries, run 'apt-get changelog libgstreamer-plugins-bad1.0-0'
Generated by dwww version 1.14 on Thu Jan 23 03:25:52 CET 2025.