Bug#784220: gst-plugins-bad0.10: CVE-2015-0797: buffer overflow in the plugin for mp4 playback
Salvatore Bonaccorso
carnil at debian.org
Mon May 4 08:08:46 UTC 2015
Source: gst-plugins-bad0.10
Version: 0.10.23-7.1
Severity: grave
Tags: security upstream patch
Justification: user security hole
Control: fixed -1 0.10.23-7.1+deb7u2
Hi
This is as well for keeping track of this issue in the BTS. In
DSA-3225-1 a buffer overflow in the plugin for mp4 playback was fixed.
For jessie and above the impact is less grave as no browser attack
vector is present. But could you fix this issue as well through a
jessie-pu?
https://security-tracker.debian.org/tracker/CVE-2015-0797
https://www.debian.org/security/2015/dsa-3225
Keeping the severity to RC (unless you disagree), since
gst-plugins-bad0.10 might be as well a candidate for removal before
the stretch release.
Patch:
https://sources.debian.net/data/main/g/gst-plugins-bad0.10/0.10.23-7.1+deb7u2/debian/patches/buffer-overflow-mp4.patch
Regards,
Salvatore