Summary: | <media-libs/gst-plugins-base-0.10.23 gst_vorbis_tag_add_coverart base64 decoding memory corruption (CVE-2009-0586)
---|---
Product: | Gentoo Security
Component: | Vulnerabilities
Status: | RESOLVED FIXED
Severity: | normal
Priority: | High
Version: | unspecified
Hardware: | All
OS: | Linux
Reporter: | Robert Buchholz (RETIRED) <rbu>
Assignee: | Gentoo Security <security>
CC: | craig, gstreamer, hanno
URL: | http://www.ocert.org/advisories/ocert-2008-015.html
Whiteboard: | B2 [glsa]
Package list: |
Runtime testing required: | ---
Bug Depends on: | 266986
Bug Blocks: |
Attachments: |

Description
Robert Buchholz (RETIRED)
2009-03-07 17:46:46 UTC
Created attachment 184248
gst-plugins-base-0.10.20-CVE-2009-0586.patch
upstream provided patch
upstream is going to release a new gstreamer package next Thursday. However, it would be preferable to do prestable testing based on the current stable (or a later version) including the patch. Please attach an ebuild to this bug, do not commit anything to CVS!

public: http://www.ocert.org/advisories/ocert-2008-015.html
patch: http://cgit.freedesktop.org/gstreamer/gst-plugins-base/commit/?id=566583e87147f774e7fc4c78b5f7e61d427e40a9

*** Bug 262552 has been marked as a duplicate of this bug. ***

Added gst-plugins-base 0.10.22 ebuild with the patch, if we want it stable, we also want all of its separated plugins as well as gst-plugins-bad 0.10.11 and its separated plugins. Also, having the new -bad means we also need the new -ugly and -good. So, if we want the new -base stable, we need to make all the latest gst packages stable.

Adding the stabilization bug as a dependency

GLSA 200907-11