Some gstreamer 0.10 demuxers and codecs are known vulnerable and it is time to move on and not try to backport patches of bugs that happened to have a CVE stamped on it (many of which aren't easily exploitable at all, while other things might be that don't have a CVE number as it's a dead version). However app-accessibility/pocketsphinx still hard-requires it. So the package needs to go away, or a new snapshot packaged, with the 0.8 version removed soon. Upstream has ported to the new gstreamer series at end of 2014, and that support seems to have received fixes until end of 2015 (at which point I presume it's matured enough), however there has been no proper release still. Only release available after 0.8 is a "5prealpha", which however would be new enough for gstreamer purposes, but might require sphinxbase-5prealpha as well.
ping
If no one answers then maybe it should be treecleaned? PS: At least Debian seems to have packaged '0.8+5prealpha' - still available in Buster - so it can't be that bad.
Created attachment 554324 [details] pocketsphinx-0.8.ebuild I dropped gstreamer mandatory dependencies from pocketsphinx ebuild, after seeing that: emerge -1 --nodeps pocketsphinx, was a success (other dependencies were already installed, gstreamer not). It isn't obvious to see that this dependency is not mandatory, as ./configure doesn't expose a switch. sphinxbase also pushes not so mandatory dependencies (see: #476424) P.S.: Another free speech recognition engine alternative is nice, as there's not quite a lot. I would be glad to fill this comment using a speech recognition as an input method.
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1e7087a2bac91c5b30dfc576dc7543268fff0ef9 commit 1e7087a2bac91c5b30dfc576dc7543268fff0ef9 Author: Michał Górny <mgorny@gentoo.org> AuthorDate: 2018-12-04 13:40:54 +0000 Commit: Michał Górny <mgorny@gentoo.org> CommitDate: 2018-12-04 13:40:54 +0000 app-accessibility/pocketsphinx: Remove last-rited pkg Closes: https://bugs.gentoo.org/610434 Signed-off-by: Michał Górny <mgorny@gentoo.org> app-accessibility/pocketsphinx/Manifest | 1 - app-accessibility/pocketsphinx/metadata.xml | 11 ----- .../pocketsphinx/pocketsphinx-0.8.ebuild | 50 ---------------------- profiles/package.mask | 6 --- 4 files changed, 68 deletions(-)