Archives
Archives
| From: | Grant <emailgrant@×××××.com> | ||
|---|---|---|---|
| To: | Gentoo mailing list <gentoo-user@l.g.o> | ||
| Subject: | Re: [gentoo-user] Re: Difficulty fixing GLSA 201512-07 (gstreamer-0.10) | ||
| Date: | Tue, 12 Jan 2016 17:01:51 | ||
| Message-Id: | CAN0CFw3k02re3Dt-C5ou_1Oa8tuq=Et7V+ZL73wJBf4s+sSwbw@mail.gmail.com | ||
| In Reply to: | [gentoo-user] Re: Difficulty fixing GLSA 201512-07 (gstreamer-0.10) by "»Q«" |
||
| 1 | >> >> > AFAICT, details of the gstreamer bug itself haven't been made |
| 2 | >> >> > public yet, and nobody is sure whether the unmaintained 0.10 |
| 3 | >> >> > branch needs a patch. See |
| 4 | >> >> > <https://bugs.gentoo.org/show_bug.cgi?id=553742#c11> and the |
| 5 | >> >> > following comment. |
| 6 | >> >> |
| 7 | >> >> So everyone is just living with the supposed security |
| 8 | >> >> vulnerability on their system? |
| 9 | >> > |
| 10 | >> >Not everyone. SUSE and Debian seem to have patches for this for |
| 11 | >> >0.10. |
| 12 | >> > |
| 13 | >> ><https://www.suse.com/security/cve/CVE-2015-0797.html> |
| 14 | >> > |
| 15 | >> ><https://www.debian.org/security/2015/dsa-3225> |
| 16 | >> |
| 17 | >> https://build.opensuse.org/package/view_file/multimedia:libs/gstreamer-0_10-plugins-bad/gstreamer-0_10-plugins-bad-mp4-overflow.patch?expand=1 |
| 18 | > |
| 19 | > The bug is fixed -- that patch is applied in gst-plugins-bad-0.10.23-r3. |
| 20 | |
| 21 | |
| 22 | Should we expect the glsa-check reported vulnerability to go away? |
| 23 | |
| 24 | - Grant |