Version in base suite: 1.22.0-3+deb12u5
Base version: gst-plugins-base1.0_1.22.0-3+deb12u5
Target version: gst-plugins-base1.0_1.22.0-3+deb12u6
Base file: /srv/ftp-master.debian.org/ftp/pool/main/g/gst-plugins-base1.0/gst-plugins-base1.0_1.22.0-3+deb12u5.dsc
Target file: /srv/ftp-master.debian.org/policy/pool/main/g/gst-plugins-base1.0/gst-plugins-base1.0_1.22.0-3+deb12u6.dsc
changelog | 6 ++++++
patches/CVE-2026-2921.patch | 28 ++++++++++++++++++++++++++++
patches/series | 1 +
3 files changed, 35 insertions(+)
dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmp34jd6f6z/gst-plugins-base1.0_1.22.0-3+deb12u5.dsc: no acceptable signature found
dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmp34jd6f6z/gst-plugins-base1.0_1.22.0-3+deb12u6.dsc: no acceptable signature found
diff -Nru gst-plugins-base1.0-1.22.0/debian/changelog gst-plugins-base1.0-1.22.0/debian/changelog
--- gst-plugins-base1.0-1.22.0/debian/changelog 2025-08-21 17:47:14.000000000 +0000
+++ gst-plugins-base1.0-1.22.0/debian/changelog 2026-03-15 15:23:54.000000000 +0000
@@ -1,3 +1,9 @@
+gst-plugins-base1.0 (1.22.0-3+deb12u6) bookworm-security; urgency=medium
+
+ * CVE-2026-2921
+
+ -- Moritz Mühlenhoff Sun, 15 Mar 2026 16:23:54 +0100
+
 gst-plugins-base1.0 (1.22.0-3+deb12u5) bookworm; urgency=medium
 
 * CVE-2025-47806
diff -Nru gst-plugins-base1.0-1.22.0/debian/patches/CVE-2026-2921.patch gst-plugins-base1.0-1.22.0/debian/patches/CVE-2026-2921.patch
--- gst-plugins-base1.0-1.22.0/debian/patches/CVE-2026-2921.patch 1970-01-01 00:00:00.000000000 +0000
+++ gst-plugins-base1.0-1.22.0/debian/patches/CVE-2026-2921.patch 2026-03-15 15:23:41.000000000 +0000
@@ -0,0 +1,28 @@
+From 66d1f79c78b573db714434cf08e7531bed4f4473 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?=
+Date: Wed, 11 Feb 2026 19:44:34 +0200
+Subject: [PATCH] riff: Correctly check that enough RGB palette data is
+ available
+
+--- gst-plugins-base1.0-1.22.0.orig/gst-libs/gst/riff/riff-media.c
++++ gst-plugins-base1.0-1.22.0/gst-libs/gst/riff/riff-media.c
+@@ -994,7 +994,7 @@ gst_riff_create_video_caps (guint32 code
+ if (palette) {
+ GstBuffer *copy;
+ guint num_colors;
+- gsize size;
++ gsize expected_size, size;
+
+ if (strf != NULL)
+ num_colors = strf->num_colors;
+@@ -1003,7 +1003,9 @@ gst_riff_create_video_caps (guint32 code
+
+ size = gst_buffer_get_size (palette);
+
+- if (size >= (num_colors * 4)) {
++ if (!g_size_checked_mul (&expected_size, num_colors, 4)) {
++ GST_WARNING ("Palette too large: broken file");
++ } else if (size >= expected_size) {
+ guint8 *pdata;
+
+ /* palette is always at least 256*4 bytes */
diff -Nru gst-plugins-base1.0-1.22.0/debian/patches/series gst-plugins-base1.0-1.22.0/debian/patches/series
--- gst-plugins-base1.0-1.22.0/debian/patches/series 2025-08-21 08:41:35.000000000 +0000
+++ gst-plugins-base1.0-1.22.0/debian/patches/series 2026-03-15 15:23:31.000000000 +0000
@@ -10,3 +10,4 @@
 CVE-2025-47806.patch
 CVE-2025-47807.patch
 CVE-2025-47808.patch
+CVE-2026-2921.patch
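Review bot: The new `g_size_checked_mul` guard in the second riff-media.c hunk of CVE-2026-2921.patch carries no comment explaining why the byte count is now computed in `gsize`, and its warning omits the value that was rejected. `num_colors` is a `guint` assigned from `strf->num_colors`, so the removed `num_colors * 4` was evaluated at `guint` width and could wrap before the comparison with `size`. Where `gsize` is 64 bits the checked multiply should never fail, and the protection comes from the wider comparison in the `else if`. I would add `/* num_colors comes from the stream header: compute the byte count in gsize so it cannot wrap before the comparison with size */` above the check and log the field, `GST_WARNING ("Palette too large (%u colors): broken file", num_colors);`. The body of gst_riff_create_video_caps starts and ends outside the hunk, so whether later palette consumers also bound `num_colors` cannot be confirmed from here.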