Summary: | <media-libs/gstreamer-1.22.11: multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Jarkko Suominen <bugzillas> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | CONFIRMED --- | ||
Severity: | major | CC: | gstreamer, jorge+git, leio |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | A2 [glsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 908978, 928779 | ||
Bug Blocks: |
Description
Jarkko Suominen
2023-11-23 07:09:38 UTC
user assisted code execution -> 2? (In reply to John Helmert III from comment #1) > user assisted code execution -> 2? The impact has been described as follows: https://gstreamer.freedesktop.org/security/sa-2023-0010.html It is possible for a malicious third party to trigger a crash in the application. https://gstreamer.freedesktop.org/security/sa-2023-0009.html It is possible for a malicious third party to trigger a crash in the application, and possibly also effect code execution through heap manipulation. Because of that I thought that 4 might be appropriate. Agreed that 2 is correct since these require user assistance *and may lead to code execution Sorry for the huge delay. The needed version bumps are in now, but giving it at least a couple days to settled and make sure there are no issues as it was coupled with a huge review of all ebuilds and many eclass changes. If there's a GLSA, I'd put it together with bug 918095 one The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=15881aaf14c79dc8bd18060646ec2d69e556fd07 commit 15881aaf14c79dc8bd18060646ec2d69e556fd07 Author: Mart Raudsepp <leio@gentoo.org> AuthorDate: 2024-04-30 07:50:05 +0000 Commit: Mart Raudsepp <leio@gentoo.org> CommitDate: 2024-04-30 08:23:48 +0000 media-libs/gstreamer: drop 1.20.5, 1.20.6 Bug: https://bugs.gentoo.org/917791 Signed-off-by: Mart Raudsepp <leio@gentoo.org> media-libs/gstreamer/Manifest | 2 - .../files/gstreamer-1.20.5-tests-race.patch | 293 --------------------- media-libs/gstreamer/gstreamer-1.20.5.ebuild | 76 ------ media-libs/gstreamer/gstreamer-1.20.6.ebuild | 72 ----- 4 files changed, 443 deletions(-) |