Summary: | <media-libs/gst-rtsp-server-1.16.2: Denial of service via GstRTSPAuth (CVE-2020-6095) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | ajak, gstreamer |
Priority: | Normal | Keywords: | PullRequest |
Version: | unspecified | Flags: | nattka: sanity-check+ |
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/GStreamer/gst-rtsp-server/commit/44ccca3086dd81081d72ca0b21d0ecdde962fb1a | ||
See Also: | https://github.com/gentoo/gentoo/pull/18074 | ||
Whiteboard: | B3 [glsa+ cve] | ||
Package list: | media-libs/gst-rtsp-server-1.16.2 | ||
Runtime testing required: | --- |
Description
Sam James
2020-03-27 20:47:29 UTC
Maintainer(s): Ping.

ping

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4fa29d9e36377f98e19c9a9eddead073781f18eb

commit 4fa29d9e36377f98e19c9a9eddead073781f18eb
Author: Mart Raudsepp <leio@gentoo.org>
AuthorDate: 2020-08-29 09:58:35 +0000
Commit: Mart Raudsepp <leio@gentoo.org>
CommitDate: 2020-08-29 09:59:46 +0000

media-libs/gst-rtsp-server: bump to 1.16.2, fix CVE-2020-6095

Includes 3 commits from origin/1.16, including fix for CVE-2020-6095. Tests fail due to new max-ttl work in 1.16, disable for now. 1.18 will be meson-based and we'll retry with tests naturally then.

Bug: https://bugs.gentoo.org/715100
Package-Manager: Portage-2.3.103, Repoman-2.3.20
Signed-off-by: Mart Raudsepp <leio@gentoo.org>

media-libs/gst-rtsp-server/Manifest | 1 +
.../files/1.16.2-CVE-2020-6095.patch | 39 +++++++++++
.../files/1.16.2-glib-deprecation-fix.patch | 59 +++++++++++++++++
.../gst-rtsp-server/files/1.16.2-leak-fix.patch | 25 ++++++++
.../gst-rtsp-server/gst-rtsp-server-1.16.2.ebuild | 75 ++++++++++++++++++++++
5 files changed, 199 insertions(+)

x86 stable

amd64 done

all arches done

Please cleanup.

New GLSA request filed.

This issue was resolved and addressed in GLSA 202009-05 at https://security.gentoo.org/glsa/202009-05 by GLSA coordinator Thomas Deutschmann (whissi).

Re-opening for cleanup.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=60ea9c2e19cd9fb2482ff263ebac848d3fb2c433

commit 60ea9c2e19cd9fb2482ff263ebac848d3fb2c433
Author: John Helmert III <jchelmert3@posteo.net>
AuthorDate: 2020-10-30 15:23:54 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2020-11-11 00:25:33 +0000

media-libs/gst-rtsp-server: security cleanup

Bug: https://bugs.gentoo.org/715100
Package-Manager: Portage-3.0.8, Repoman-3.0.2
Signed-off-by: John Helmert III <jchelmert3@posteo.net>
Closes: https://github.com/gentoo/gentoo/pull/18074
Signed-off-by: Sam James <sam@gentoo.org>

media-libs/gst-rtsp-server/Manifest | 1 -
.../gst-rtsp-server/gst-rtsp-server-1.14.5.ebuild | 70 ----------------------
2 files changed, 71 deletions(-)