Merge updates from debian/bookworm-security

85eef0ab · Apertis CI robot · c59c76ff · 85ab1f8e · 85eef0ab · 85eef0ab
Commit 85eef0ab authored 1 year ago by Apertis CI robot
--- a/debian/changelog
+++ b/debian/changelog
+gst-plugins-bad1.0 (1.22.0-4+deb12u1) bookworm-security; urgency=medium
+
+  * GST-2023-0003
+
+ -- Moritz Mühlenhoff <jmm@debian.org>  Thu, 29 Jun 2023 19:32:41 +0200
+
 gst-plugins-bad1.0 (1.22.0-4+apertis1) apertis; urgency=medium

  * Sync updates from debian/bookworm

--- a/debian/patches/GST-2023-0003.patch
+++ b/debian/patches/GST-2023-0003.patch
+--- gst-plugins-bad1.0-1.18.4.orig/gst/dvdspu/gstspu-pgs.c
+++ gst-plugins-bad1.0-1.18.4/gst/dvdspu/gstspu-pgs.c
+@@ -593,6 +593,9 @@ parse_set_object_data (GstDVDSpu * dvdsp
+     obj->rle_data_size = GST_READ_UINT24_BE (payload);
+     payload += 3;
+ 
+    if (end - payload > obj->rle_data_size)
+      return 0;
+
+     PGS_DUMP ("%d bytes of RLE data, of %d bytes total.\n",
+         (int) (end - payload), obj->rle_data_size);
+ 
+@@ -604,7 +607,8 @@ parse_set_object_data (GstDVDSpu * dvdsp
+     PGS_DUMP ("%d bytes of additional RLE data\n", (int) (end - payload));
+     /* Check that the data chunk is for this object version, and fits in the buffer */
+     if (obj->rle_data_ver == obj_ver &&
+-        obj->rle_data_used + end - payload <= obj->rle_data_size) {
+        end - payload <= obj->rle_data_size &&
+        obj->rle_data_used <= obj->rle_data_size - (end - payload)) {
+ 
+       memcpy (obj->rle_data + obj->rle_data_used, payload, end - payload);
+       obj->rle_data_used += end - payload;
--- a/debian/patches/series
+++ b/debian/patches/series
 02_opencv-data-path.patch
 Skip-failing-tests.patch
+GST-2023-0003.patch