From: | "»Q«" <boxcars@×××.net> | ||
---|---|---|---|
To: | gentoo-user@l.g.o | ||
Subject: | [gentoo-user] Re: Difficulty fixing GLSA 201512-07 (gstreamer-0.10) | ||
Date: | Mon, 11 Jan 2016 23:02:22 | ||
Message-Id: | 20160111170051.7bf6d23c@sepulchrave.remarqs | ||
In Reply to: | Re: [gentoo-user] Re: Difficulty fixing GLSA 201512-07 (gstreamer-0.10) by David Haller |

On Thu, 7 Jan 2016 23:45:38 +0100
David Haller <gentoo@×××××××.de> wrote:

> On Wed, 06 Jan 2016, »Q« wrote:
> >On Tue, 5 Jan 2016 08:26:42 -0800
> >Grant <emailgrant@×××××.com> wrote:
> >
> >> > AFAICT, details of the gstreamer bug itself haven't been made
> >> > public yet, and nobody is sure whether the unmaintained 0.10
> >> > branch needs a patch. See
> >> > <https://bugs.gentoo.org/show_bug.cgi?id=553742#c11> and the
> >> > following comment.
> >>
> >> So everyone is just living with the supposed security
> >> vulnerability on their system?
> >
> >Not everyone. SUSE and Debian seem to have patches for this for
> >0.10.
> >
> ><https://www.suse.com/security/cve/CVE-2015-0797.html>
> >
> ><https://www.debian.org/security/2015/dsa-3225>
>
> https://build.opensuse.org/package/view_file/multimedia:libs/gstreamer-0_10-plugins-bad/gstreamer-0_10-plugins-bad-mp4-overflow.patch?expand=1

The bug is fixed -- that patch is applied in gst-plugins-bad-0.10.23-r3.

I understand there's effectively no longer an upstream for 0.10, but
still it's disconcerting that a patch made it from Mozilla to Debian
and SUSE (and who knows who else) months ago without other distros
finding out about it. Maybe that's why access to Mozilla's bug entry
is still restricted.

I guess there's nothing to do but for us to be vigilant until eventually
all the things that depend on 0.10 are gone and we no longer need it.