StarlingX

[Debian] High CVE: CVE-2023-37328 gst-plugins-base1.0: Heap-based buffer overflow

Bug #2033580 reported by Yue Tao on 2023-08-31

256

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	StarlingX	Fix Released	High	Wentao Zhang

Base Score: High

Reference:

['libgstreamer-plugins-base1.0-0_1.18.4-2_amd64.deb===>libgstreamer-plugins-base1.0-0_1.18.4-2+deb11u1_amd64.deb']
https://www.debian.org/security/2023/dsa-5443
https://www.tenable.com/plugins/nessus/177887

Tags:

Yue Tao (wrytao) on 2023-08-31

tags:	added: stx.9.0 stx.security removed: stx.secu
summary:	[Debian] High CVE: CVE-2023-37328 gst-plugins-base1.0: Heap-based buffer - overflow [22.12] + overflow

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2023-09-15: Fix proposed to tools (master)

Changed in starlingx:
status:	Triaged → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2023-09-20: Fix merged to tools (master)

commit 609a63e1ac522058c98c10418c02e4f909786e5d
Author: Wentao Zhang <email address hidden>
Date: Fri Sep 15 10:23:17 2023 +0800

Debian: package : fix CVE-2023-37328

Upgrade libgstreamer-plugins-base1.0-0 to 1.18.4-2+deb11u1

    Test Plan:
    Pass: downloader
    Pass: build-pkgs --clean --all
    Pass: build-image
    Pass: boot

Closes-bug: #2033580

Change-Id: Ia055896bc1252f0c304d5a2d059d62381e7b26ff
Signed-off-by: Wentao Zhang <email address hidden>

Changed in starlingx:
status:	In Progress → Fix Released

Ghada Khalil (gkhalil) on 2023-10-07

Changed in starlingx:
assignee:	nobody → Wentao Zhang (wzhang4)

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Bug watches keep track of this bug in other bug trackers.