| 1 |
Hello, |
| 2 |
|
| 3 |
On Wed, 06 Jan 2016, »Q« wrote: |
| 4 |
>On Tue, 5 Jan 2016 08:26:42 -0800 |
| 5 |
>Grant <emailgrant@×××××.com> wrote: |
| 6 |
> |
| 7 |
>> > AFAICT, details of the gstreamer bug itself haven't been made public |
| 8 |
>> > yet, and nobody is sure whether the unmaintained 0.10 branch needs a |
| 9 |
>> > patch. See <https://bugs.gentoo.org/show_bug.cgi?id=553742#c11> and |
| 10 |
>> > the following comment. |
| 11 |
>> |
| 12 |
>> So everyone is just living with the supposed security vulnerability on |
| 13 |
>> their system? |
| 14 |
> |
| 15 |
>Not everyone. SUSE and Debian seem to have patches for this for 0.10. |
| 16 |
> |
| 17 |
><https://www.suse.com/security/cve/CVE-2015-0797.html> |
| 18 |
> |
| 19 |
><https://www.debian.org/security/2015/dsa-3225> |
| 20 |
|
| 21 |
https://build.opensuse.org/package/view_file/multimedia:libs/gstreamer-0_10-plugins-bad/gstreamer-0_10-plugins-bad-mp4-overflow.patch?expand=1 |
| 22 |
|
| 23 |
I've not found other patches for 0.10 there[1]. |
| 24 |
|
| 25 |
gstreamer-1.x is at 1.61 there, so no patch. |
| 26 |
|
| 27 |
HTH, |
| 28 |
-dnh |
| 29 |
|
| 30 |
[1] https://build.opensuse.org/project/show/multimedia:libs and filter |
| 31 |
for gstr |
| 32 |
|
| 33 |
-- |
| 34 |
Funny thing is, I once left ASR for about a year, and the thread entitled |
| 35 |
"sex and the single sysadmin" was _still_ going strong when I returned. |
| 36 |
It was like I never left. Warm fuzzies. -- AJR |
Archives