Summary: | <media-libs/gst-plugins-bad-1.16.3: h264parse stack overflow RCE (CVE-2021-3185) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Hank Leininger <hlein> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | gstreamer, maracay, phmagic, sam |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://marc.info/?l=oss-security&m=161118604431900&w=4 | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=765163 | ||
Whiteboard: | A2 [glsa+ cve] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 765163 |
Description
Hank Leininger
2021-01-21 00:04:33 UTC
Thanks for the report, beat me to it. (We use fixed versions within Gentoo in the summary.) (In reply to Sam James from comment #1) > Thanks for the report, beat me to it. > > (We use fixed versions within Gentoo in the summary.) Thanks! Doh, I meant to <, not <=. 1.16.3 is indeed fixed. *** Bug 767187 has been marked as a duplicate of this bug. *** ppc64 done x86 done amd64 done ppc done arm64 done arm done all arches done Please cleanup Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. GLSA request filed The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=f69203b9608d0db5bda6ce4050bf90de5119c0f8 commit f69203b9608d0db5bda6ce4050bf90de5119c0f8 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-08-14 21:47:49 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-08-14 21:48:21 +0000 [ GLSA 202208-31 ] GStreamer, GStreamer Plugins: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/765163 Bug: https://bugs.gentoo.org/766336 Bug: https://bugs.gentoo.org/785652 Bug: https://bugs.gentoo.org/785655 Bug: https://bugs.gentoo.org/785658 Bug: https://bugs.gentoo.org/785661 Bug: https://bugs.gentoo.org/835368 Bug: https://bugs.gentoo.org/843770 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Sam James <sam@gentoo.org> glsa-202208-31.xml | 111 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 111 insertions(+) GLSA done, all done. |