Import Debian changes 1.18.4-2+deb11u2

debian/changelog

+gst-plugins-good1.0 (1.18.4-2+deb11u2) bullseye-security; urgency=medium
+
+  * GST-2023-0001
+
+ -- Moritz Mühlenhoff <moritz@wikimedia.org>  Thu, 29 Jun 2023 18:15:50 +0200
+
 gst-plugins-good1.0 (1.18.4-2+deb11u1) bullseye-security; urgency=medium
 
   * debian/patches/0001-avidemux-Fix-integer-overflow-resulting-in-heap-corr.patch:

debian/patches/GST-2023-0001.patch

+
+--- gst-plugins-good1.0-1.18.4.orig/gst/audioparsers/gstflacparse.c
++++ gst-plugins-good1.0-1.18.4/gst/audioparsers/gstflacparse.c
+@@ -1108,6 +1108,7 @@ gst_flac_parse_handle_picture (GstFlacPa
+   GstMapInfo map;
+   guint32 img_len = 0, img_type = 0;
+   guint32 img_mimetype_len = 0, img_description_len = 0;
++  const guint8 *img_data;
+ 
+   gst_buffer_map (buffer, &map, GST_MAP_READ);
+   gst_byte_reader_init (&reader, map.data, map.size);
+@@ -1134,7 +1135,7 @@ gst_flac_parse_handle_picture (GstFlacPa
+   if (!gst_byte_reader_get_uint32_be (&reader, &img_len))
+     goto error;
+ 
+-  if (gst_byte_reader_get_pos (&reader) + img_len > map.size)
++  if (!gst_byte_reader_get_data (&reader, img_len, &img_data))
+     goto error;
+ 
+   GST_INFO_OBJECT (flacparse, "Got image of %d bytes", img_len);
+@@ -1143,8 +1144,7 @@ gst_flac_parse_handle_picture (GstFlacPa
+     if (flacparse->tags == NULL)
+       flacparse->tags = gst_tag_list_new_empty ();
+ 
+-    gst_tag_list_add_id3_image (flacparse->tags,
+-        map.data + gst_byte_reader_get_pos (&reader), img_len, img_type);
++    gst_tag_list_add_id3_image (flacparse->tags, img_data, img_len, img_type);
+   }
+ 
+   gst_buffer_unmap (buffer, &map);

debian/patches/series

@@ -2,3 +2,4 @@
 0001-matroskademux-Avoid-integer-overflow-resulting-in-he.patch
 0001-matroskademux-Fix-integer-overflows-in-zlib-bz2-etc-.patch
 0001-qtdemux-Fix-integer-overflows-in-zlib-decompression-.patch
+GST-2023-0001.patch