security-advisories: sync with www module

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7865>

security-advisories/sa-2024-0004.md

@@ -0,0 +1,50 @@
+# Security Advisory 2024-0004 (CVE-2024-44331)
+
+<div class="vertical-table">
+
+|                   |     |
+| ----------------- | --- |
+| Summary           | RTSP server: Potential Denial-of-Service (DoS) with specially crafted client requests |
+| Date              | 2024-10-29 18:00 |
+| Affected Versions | GStreamer gst-rtsp-server >= 1.18.0, < 1.24.9 |
+| IDs               | GStreamer-SA-2024-0004<br/>CVE-2024-44331 |
+
+</div>
+
+## Details
+
+A series of specially crafted client requests during streaming setup
+(post client authentication, if any) can cause the RTSP server library
+to abort, if it has been compiled with assertions enabled.
+
+## Impact
+
+It is possible for a malicious RTSP client to potentially trigger a crash/abort
+of the RTSP server application, if it has been compiled with assertions enabled.
+There is no risk of code execution or memory manipulation.
+
+## Solution
+
+The gst-rtsp-server 1.24.9 releases (and git main branch) addresses the issue.
+People using older branches of GStreamer should apply the patch and recompile.
+
+## References
+
+### The GStreamer project
+
+- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org)
+
+### CVE Database Entries
+
+- [CVE-2024-44331](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44331)
+
+### GStreamer releases
+
+#### 1.24 (current stable)
+
+- [GStreamer 1.24.9 release notes](/releases/1.24/#1.24.9)
+- [GStreamer RTSP Server Library 1.24.9](/src/gst-rtsp-server/gst-rtsp-server-1.24.9.tar.xz)
+
+### Patches
+
+- [Patch](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7731.patch)