Summary: | media-plugins/gst-plugins-ffmpeg is affected by CVE-2005-4048 | ||||||
---|---|---|---|---|---|---|---|
Product: | Gentoo Security | Reporter: | Thierry Carrez (RETIRED) <koon> | ||||
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> | ||||
Status: | RESOLVED FIXED | ||||||
Severity: | major | CC: | gstreamer, joem | ||||
Priority: | High | ||||||
Version: | unspecified | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | A2 [glsa] | ||||||
Package list: | Runtime testing required: | --- | |||||
Bug Depends on: | |||||||
Bug Blocks: | 119737 | ||||||
Attachments: |
|
Description
Thierry Carrez (RETIRED)
2006-01-19 01:05:09 UTC
setting status whiteboard the 0.10 branch is still in package.maask so that shouldn't be an issue. 0.8.7-r1 can be marked stable. ok, lets go for it: arches please test and mark stable Created attachment 77575 [details]
config.log
checking for pkg-config... /usr/bin/pkg-config
checking for gstreamer-0.8 >= 0.8.4 gstreamer-libs-0.8... configure: error: no GStreamer found
!!! Please attach the config.log to your bug report:
!!! /var/tmp/portage/gst-plugins-ffmpeg-0.8.7-r1/work/gst-ffmpeg-0.8.7/config.log
!!! ERROR: media-plugins/gst-plugins-ffmpeg-0.8.7-r1 failed.
!!! Function econf, Line 495, Exitcode 0
!!! econf failed
note that gstreamer-0.8.10 is installed and /usr/lib64/pkgconfig/gstreamer-0.8.pc is in place and looks sane
Didn't hit the build issue, but then i'm on gstreamer & co version 0.8.11. As a precaution and looking into doing bug #119634 i'm bumping all of gst-0.8.11 to stable too. Remember to bump all of the gst-plugins you have stable too or you'll get up/downgrade cycles. Also had to adjust totem DEPs since they locked down to ( =gst-plugins-ffmpeg-0.8.6 || =gst-plugins-ffmpeg-0.8.7 ) (changed to ~) sparc done. Stable on x86 stable on ppc64 Stable on hppa nevermind, it turned out i must have done something not-so-intelligent in my pkgconfig dir, remerging gst-plugins did fix it amd64 stable Stabled on ppc by hansmi. Stable on alpha + ia64. To properly understand this: As I understand it, the bug is in libavcodec, so it should be in media-video/ffmpeg, too, right? Is gst-plugins-ffmpeg a wrapper to go with ffmpeg or does it contain its own version of the library? gst-plugins-0.8.7-r1 is stable on all arches. Marking as fixed. Sorry, reopening the bug as security needs to send the GLSA first (draft is finished and approved, will be done soon). GLSA 200602-01 Thanks everybody. |