From: | Grant <emailgrant@×××××.com> | ||
---|---|---|---|
To: | Gentoo mailing list <gentoo-user@l.g.o> | ||
Subject: | Re: [gentoo-user] Re: Difficulty fixing GLSA 201512-07 (gstreamer-0.10) | ||
Date: | Tue, 12 Jan 2016 17:01:51 | ||
Message-Id: | CAN0CFw3k02re3Dt-C5ou_1Oa8tuq=Et7V+ZL73wJBf4s+sSwbw@mail.gmail.com | ||
In Reply to: | [gentoo-user] Re: Difficulty fixing GLSA 201512-07 (gstreamer-0.10) by "»Q«" |
1 | >> >> > AFAICT, details of the gstreamer bug itself haven't been made |
2 | >> >> > public yet, and nobody is sure whether the unmaintained 0.10 |
3 | >> >> > branch needs a patch. See |
4 | >> >> > <https://bugs.gentoo.org/show_bug.cgi?id=553742#c11> and the |
5 | >> >> > following comment. |
6 | >> >> |
7 | >> >> So everyone is just living with the supposed security |
8 | >> >> vulnerability on their system? |
9 | >> > |
10 | >> >Not everyone. SUSE and Debian seem to have patches for this for |
11 | >> >0.10. |
12 | >> > |
13 | >> ><https://www.suse.com/security/cve/CVE-2015-0797.html> |
14 | >> > |
15 | >> ><https://www.debian.org/security/2015/dsa-3225> |
16 | >> |
17 | >> https://build.opensuse.org/package/view_file/multimedia:libs/gstreamer-0_10-plugins-bad/gstreamer-0_10-plugins-bad-mp4-overflow.patch?expand=1 |
18 | > |
19 | > The bug is fixed -- that patch is applied in gst-plugins-bad-0.10.23-r3. |
20 | |
21 | |
22 | Should we expect the glsa-check reported vulnerability to go away? |
23 | |
24 | - Grant |