** Please note that this issue is confidential and no information should be
disclosed until it is made public, see "Whiteboard" for a date **
Tomas Hoger of the RedHat Security Response Team discovered that gst-plugins-base since 0.10.20 does not properly allocate memory when performing base64 decoding.
Created attachment 184248 [details, diff]
upstream provided patch
upstream is going to release a new gstreamer package next thursday. However, it would be preferable to do prestable testing based on the current stable (or a later version) including the patch.
Please attach an ebuild to this bug, do not commit anything to CVS!
*** Bug 262552 has been marked as a duplicate of this bug. ***
Added gst-plugins-base 0.10.22 ebuild with the patch, if we want it stable, we also want all of its separated plugins as well as gst-plugins-bad 0.10.11 and its separated plugins.
Also, having the new -bad means we also need the new -ugly and -good.. So, if we want the new -base stable, we need to make all the latest gst packages stable.
Adding the stabilization bug as a dependency