GStreamer plugins with good code and licensing
Go to file
RHEL Packaging Agent ed74ee9326 Fix CVE-2026-53705: integer overflow in wavpackdec
Backport 4 upstream patches from GStreamer MR !11811 to fix
CVE-2026-53705 (integer overflow vulnerabilities in wavpackdec).

The patches address:
- Integer overflow in output buffer size allocation
- Use of correctly-sized variable types
- Integer overflow in input buffer size check
- Unmapping input buffer directly after decoding

Paths were adjusted from upstream monorepo layout to match the
RHEL 8 standalone source tree, and conflicts were resolved for
3 of the 4 patches due to differences in the 1.16.1 codebase.

CVE: CVE-2026-53705
Upstream patches:
 - ed09b69275.patch
 - e9ded43316.patch
 - 9326c636a2.patch
 - f7cb3e0288.patch
Resolves: RHEL-184473

This commit was backported by Ymir, a Red Hat Enterprise Linux software maintenance AI agent.

Assisted-by: Ymir
2026-06-19 14:55:03 +00:00
.gitignore re-import sources as agreed with the maintainer 2023-07-10 12:58:17 +02:00
0001-matroskademux-Fix-extraction-of-multichannel-WavPack.patch CVE-2024-47537, CVE-2024-47539, CVE-2024-47540, CVE-2024-47606, 2024-12-16 16:13:39 +01:00
0001-rtpqdm2depay-error-out-if-anyone-tries-to-use-this-e.patch Add patch for CVE-2026-3083 and CVE-2026-3085 2026-03-31 13:22:08 +02:00
0002-matroskademux-Initialize-track-context-out-parameter.patch CVE-2024-47537, CVE-2024-47539, CVE-2024-47540, CVE-2024-47606, 2024-12-16 16:13:39 +01:00
0003-flacparse-Avoid-integer-overflow-in-available-data-c.patch CVE-2024-47537, CVE-2024-47539, CVE-2024-47540, CVE-2024-47606, 2024-12-16 16:13:39 +01:00
0004-qtdemux-Avoid-integer-overflow-when-parsing-Theora-e.patch CVE-2024-47537, CVE-2024-47539, CVE-2024-47540, CVE-2024-47606, 2024-12-16 16:13:39 +01:00
0005-gdkpixbufdec-Check-if-initializing-the-video-info-ac.patch CVE-2024-47537, CVE-2024-47539, CVE-2024-47540, CVE-2024-47606, 2024-12-16 16:13:39 +01:00
0006-matroskademux-Only-unmap-GstMapInfo-in-WavPack-heade.patch CVE-2024-47537, CVE-2024-47539, CVE-2024-47540, CVE-2024-47606, 2024-12-16 16:13:39 +01:00
0007-matroskademux-Fix-off-by-one-when-parsing-multi-chan.patch CVE-2024-47537, CVE-2024-47539, CVE-2024-47540, CVE-2024-47606, 2024-12-16 16:13:39 +01:00
0008-qtdemux-Fix-integer-overflow-when-allocating-the-sam.patch CVE-2024-47537, CVE-2024-47539, CVE-2024-47540, CVE-2024-47606, 2024-12-16 16:13:39 +01:00
0009-qtdemux-Make-sure-only-an-even-number-of-bytes-is-pr.patch CVE-2024-47537, CVE-2024-47539, CVE-2024-47540, CVE-2024-47606, 2024-12-16 16:13:39 +01:00
gating.yaml Bring gating.yaml over from Brew dist-git 2023-03-10 10:43:14 -08:00
gstreamer1-plugins-good-1.16.1-CVE-2026-53705.patch Fix CVE-2026-53705: integer overflow in wavpackdec 2026-06-19 14:55:03 +00:00
gstreamer1-plugins-good.spec Fix CVE-2026-53705: integer overflow in wavpackdec 2026-06-19 14:55:03 +00:00
sources Auto sync2gitlab import of gstreamer1-plugins-good-1.16.1-2.el8.src.rpm 2022-05-26 09:17:30 -04:00