[Buildroot] [git commit branch/2022.05.x] package/gst1-plugins-good: security bump to version 1.20.3

Peter Korsgaard peter at korsgaard.com
Fri Jul 22 06:29:02 UTC 2022 

commit: https://git.buildroot.net/buildroot/commit/?id=3a8d893770e059615f38b802615369c1a11567b0
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2022.05.x

Fixes the following security issues:

- avidemux: Fix integer overflow resulting in heap corruption in DIB buffer
  inversion code
  https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/2609

- matroskademux: Avoid integer-overflow resulting in heap corruption in
  WavPack header handling code
  https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/2613

- matroskademux, qtdemux: Fix integer overflows in zlib/bz2/etc
  decompression code
  https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/2611

- smpte: Fix integer overflow with possible heap corruption in GstMask
  creation
  https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/2605

- smpte: integer overflow with possible heap corruption in GstMask creation
  https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1231

Signed-off-by: James Hilliard <james.hilliard1 at gmail.com>
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
(cherry picked from commit ce4a549dbe1e865b70dc4493ebbe1bc9ff5ffc8e)
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
---
 package/gstreamer1/gst1-plugins-good/gst1-plugins-good.hash | 4 ++--
 package/gstreamer1/gst1-plugins-good/gst1-plugins-good.mk   | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/package/gstreamer1/gst1-plugins-good/gst1-plugins-good.hash b/package/gstreamer1/gst1-plugins-good/gst1-plugins-good.hash
index cccd07dd2d..81da41388f 100644
--- a/package/gstreamer1/gst1-plugins-good/gst1-plugins-good.hash
+++ b/package/gstreamer1/gst1-plugins-good/gst1-plugins-good.hash
@@ -1,3 +1,3 @@
-# From https://gstreamer.freedesktop.org/src/gst-plugins-good/gst-plugins-good-1.20.1.tar.xz.sha256sum
-sha256  3c66876f821d507bcdbebffb08b4f31a322727d6753f65a0f02c905ecb7084aa  gst-plugins-good-1.20.1.tar.xz
+# From https://gstreamer.freedesktop.org/src/gst-plugins-good/gst-plugins-good-1.20.3.tar.xz.sha256sum
+sha256  f8f3c206bf5cdabc00953920b47b3575af0ef15e9f871c0b6966f6d0aa5868b7  gst-plugins-good-1.20.3.tar.xz
 sha256  6095e9ffa777dd22839f7801aa845b31c9ed07f3d6bf8a26dc5d2dec8ccc0ef3  COPYING
diff --git a/package/gstreamer1/gst1-plugins-good/gst1-plugins-good.mk b/package/gstreamer1/gst1-plugins-good/gst1-plugins-good.mk
index 2b6cf769aa..61ffc7b989 100644
--- a/package/gstreamer1/gst1-plugins-good/gst1-plugins-good.mk
+++ b/package/gstreamer1/gst1-plugins-good/gst1-plugins-good.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-GST1_PLUGINS_GOOD_VERSION = 1.20.1
+GST1_PLUGINS_GOOD_VERSION = 1.20.3
 GST1_PLUGINS_GOOD_SOURCE = gst-plugins-good-$(GST1_PLUGINS_GOOD_VERSION).tar.xz
 GST1_PLUGINS_GOOD_SITE = https://gstreamer.freedesktop.org/src/gst-plugins-good
 GST1_PLUGINS_GOOD_LICENSE_FILES = COPYING

More information about the buildroot mailing list