Version in base suite: 1.18.4-2+deb11u1 Base version: gst-plugins-good1.0_1.18.4-2+deb11u1 Target version: gst-plugins-good1.0_1.18.4-2+deb11u2 Base file: /srv/ftp-master.debian.org/ftp/pool/main/g/gst-plugins-good1.0/gst-plugins-good1.0_1.18.4-2+deb11u1.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/g/gst-plugins-good1.0/gst-plugins-good1.0_1.18.4-2+deb11u2.dsc changelog | 6 ++++++ patches/GST-2023-0001.patch | 30 ++++++++++++++++++++++++++++++ patches/series | 1 + 3 files changed, 37 insertions(+)
diff -Nru gst-plugins-good1.0-1.18.4/debian/changelog gst-plugins-good1.0-1.18.4/debian/changelog
--- gst-plugins-good1.0-1.18.4/debian/changelog 2022-08-09 10:38:18.000000000 +0000
+++ gst-plugins-good1.0-1.18.4/debian/changelog 2023-06-29 16:14:48.000000000 +0000
@@ -1,3 +1,9 @@
+gst-plugins-good1.0 (1.18.4-2+deb11u2) bullseye-security; urgency=medium
+
+ * GST-2023-0001
+
+ -- Moritz Mühlenhoff Thu, 29 Jun 2023 18:15:50 +0200
+
 gst-plugins-good1.0 (1.18.4-2+deb11u1) bullseye-security; urgency=medium
 
 * debian/patches/0001-avidemux-Fix-integer-overflow-resulting-in-heap-corr.patch:
diff -Nru gst-plugins-good1.0-1.18.4/debian/patches/GST-2023-0001.patch gst-plugins-good1.0-1.18.4/debian/patches/GST-2023-0001.patch
--- gst-plugins-good1.0-1.18.4/debian/patches/GST-2023-0001.patch 1970-01-01 00:00:00.000000000 +0000
+++ gst-plugins-good1.0-1.18.4/debian/patches/GST-2023-0001.patch 2023-06-29 13:59:42.000000000 +0000
@@ -0,0 +1,30 @@
+
+--- gst-plugins-good1.0-1.18.4.orig/gst/audioparsers/gstflacparse.c
++++ gst-plugins-good1.0-1.18.4/gst/audioparsers/gstflacparse.c
+@@ -1108,6 +1108,7 @@ gst_flac_parse_handle_picture (GstFlacPa
+ GstMapInfo map;
+ guint32 img_len = 0, img_type = 0;
+ guint32 img_mimetype_len = 0, img_description_len = 0;
++ const guint8 *img_data;
+
+ gst_buffer_map (buffer, &map, GST_MAP_READ);
+ gst_byte_reader_init (&reader, map.data, map.size);
+@@ -1134,7 +1135,7 @@ gst_flac_parse_handle_picture (GstFlacPa
+ if (!gst_byte_reader_get_uint32_be (&reader, &img_len))
+ goto error;
+
+- if (gst_byte_reader_get_pos (&reader) + img_len > map.size)
++ if (!gst_byte_reader_get_data (&reader, img_len, &img_data))
+ goto error;
+
+ GST_INFO_OBJECT (flacparse, "Got image of %d bytes", img_len);
+@@ -1143,8 +1144,7 @@ gst_flac_parse_handle_picture (GstFlacPa
+ if (flacparse->tags == NULL)
+ flacparse->tags = gst_tag_list_new_empty ();
+
+- gst_tag_list_add_id3_image (flacparse->tags,
+- map.data + gst_byte_reader_get_pos (&reader), img_len, img_type);
++ gst_tag_list_add_id3_image (flacparse->tags, img_data, img_len, img_type);
+ }
+
+ gst_buffer_unmap (buffer, &map);
diff -Nru gst-plugins-good1.0-1.18.4/debian/patches/series gst-plugins-good1.0-1.18.4/debian/patches/series
--- gst-plugins-good1.0-1.18.4/debian/patches/series 2022-08-09 10:38:07.000000000 +0000
+++ gst-plugins-good1.0-1.18.4/debian/patches/series 2023-06-29 13:59:37.000000000 +0000
@@ -2,3 +2,4 @@
 0001-matroskademux-Avoid-integer-overflow-resulting-in-he.patch
 0001-matroskademux-Fix-integer-overflows-in-zlib-bz2-etc-.patch
 0001-qtdemux-Fix-integer-overflows-in-zlib-decompression-.patch
+GST-2023-0001.patch
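Review bot: `gst_byte_reader_get_data (&reader, img_len, &img_data)` consumes `img_len` bytes from `reader`, whereas the replaced `gst_byte_reader_get_pos (&reader) + img_len > map.size` check only peeked, so after the third inner hunk the reader position is no longer where the old code left it; nothing visible after the `gst_tag_list_add_id3_image` call reads from `reader` again, but `gst_flac_parse_handle_picture` continues outside the hunk, so that should be confirmed before release. The substance of the fix is sound: the old check added a `guint` position to a file-controlled `guint32` length, and that sum can wrap and pass the comparison even though `map.data + pos` would then be read `img_len` bytes past the mapped buffer, while `gst_byte_reader_get_data` fails unless that many bytes actually remain. A one-line comment at the new check would keep that reasoning with the code, e.g. `/* bounds-check img_len against the bytes remaining; pos + img_len could wrap */`. The patch file also carries no DEP-3 header; a `Description:` line naming the issue (GST-2023-0001) and an `Origin:` line pointing at the upstream commit (use a placeholder until the URL is confirmed) would let future maintainers trace where the fix came from.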