1 |
Hello, |
2 |
|
3 |
On Wed, 06 Jan 2016, »Q« wrote: |
4 |
>On Tue, 5 Jan 2016 08:26:42 -0800 |
5 |
>Grant <emailgrant@×××××.com> wrote: |
6 |
> |
7 |
>> > AFAICT, details of the gstreamer bug itself haven't been made public |
8 |
>> > yet, and nobody is sure whether the unmaintained 0.10 branch needs a |
9 |
>> > patch. See <https://bugs.gentoo.org/show_bug.cgi?id=553742#c11> and |
10 |
>> > the following comment. |
11 |
>> |
12 |
>> So everyone is just living with the supposed security vulnerability on |
13 |
>> their system? |
14 |
> |
15 |
>Not everyone. SUSE and Debian seem to have patches for this for 0.10. |
16 |
> |
17 |
><https://www.suse.com/security/cve/CVE-2015-0797.html> |
18 |
> |
19 |
><https://www.debian.org/security/2015/dsa-3225> |
20 |
|
21 |
https://build.opensuse.org/package/view_file/multimedia:libs/gstreamer-0_10-plugins-bad/gstreamer-0_10-plugins-bad-mp4-overflow.patch?expand=1 |
22 |
|
23 |
I've not found other patches for 0.10 there[1]. |
24 |
|
25 |
gstreamer-1.x is at 1.61 there, so no patch. |
26 |
|
27 |
HTH, |
28 |
-dnh |
29 |
|
30 |
[1] https://build.opensuse.org/project/show/multimedia:libs and filter |
31 |
for gstr |
32 |
|
33 |
-- |
34 |
Funny thing is, I once left ASR for about a year, and the thread entitled |
35 |
"sex and the single sysadmin" was _still_ going strong when I returned. |
36 |
It was like I never left. Warm fuzzies. -- AJR |