@@ -1,3 +1,3 @@
-# From https://gstreamer.freedesktop.org/src/gst-plugins-bad/gst-plugins-bad-1.22.2.tar.xz.sha256sum
-sha256 3d8faf1ce3402c8535ce3a8c4e1a6c960e4b5655dbda6b55943db9ac79022d0f gst-plugins-bad-1.22.2.tar.xz
+# From https://gstreamer.freedesktop.org/src/gst-plugins-bad/gst-plugins-bad-1.22.6.tar.xz.sha256sum
+sha256 b4029cd2908a089c55f1d902a565d007495c95b1442d838485dc47fb12df7137 gst-plugins-bad-1.22.6.tar.xz
sha256 dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551 COPYING
@@ -4,7 +4,7 @@
#
################################################################################
-GST1_PLUGINS_BAD_VERSION = 1.22.2
+GST1_PLUGINS_BAD_VERSION = 1.22.6
GST1_PLUGINS_BAD_SOURCE = gst-plugins-bad-$(GST1_PLUGINS_BAD_VERSION).tar.xz
GST1_PLUGINS_BAD_SITE = https://gstreamer.freedesktop.org/src/gst-plugins-bad
GST1_PLUGINS_BAD_INSTALL_STAGING = YES
Fixes the following security issues: CVE-2023-37329: Heap-based buffer overflow in the PGS blu-ray subtitle decoder when handling certain files in GStreamer versions before 1.22.4 / 1.20.7. https://gstreamer.freedesktop.org/security/sa-2023-0003.html CVE-2023-40474: Heap-based buffer overflow in the MXF file demuxer when handling malformed files with uncompressed video in GStreamer versions before 1.22.6. https://gstreamer.freedesktop.org/security/sa-2023-0006.html CVE-2023-40475: Heap-based buffer overflow in the MXF file demuxer when handling malformed files with AES3 audio in GStreamer versions before 1.22.6. https://gstreamer.freedesktop.org/security/sa-2023-0007.html CVE-2023-40476: Stack-based buffer overflow in the H.265 video parser when handling malformed H.265 video streams in GStreamer versions before 1.22.6. https://gstreamer.freedesktop.org/security/sa-2023-0008.html Signed-off-by: Peter Korsgaard <peter@korsgaard.com> --- package/gstreamer1/gst1-plugins-bad/gst1-plugins-bad.hash | 4 ++-- package/gstreamer1/gst1-plugins-bad/gst1-plugins-bad.mk | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-)