gstreamer-*: 1.10.2 -> 1.10.3 for multiple CVEs - nixpkgs - Downstream nixpkgs tree for Spectrum

diff options

author	Graham Christensen <graham@grahamc.com>	2017-02-08 08:27:59 -0500
committer	Graham Christensen <graham@grahamc.com>	2017-02-08 08:30:23 -0500
commit	afd59811a1f4b2037d77293064a4fee0ac91af6f (patch)
tree	9ef83d1f24bee63529c8359105f930658bfea4e5 /pkgs/os-specific/linux/nvidia-x11/builder.sh
parent	9d30099b7f6b7f5bef6abd6dc240ada3a666112c (diff)
download	nixpkgs-afd59811a1f4b2037d77293064a4fee0ac91af6f.tar nixpkgs-afd59811a1f4b2037d77293064a4fee0ac91af6f.tar.gz nixpkgs-afd59811a1f4b2037d77293064a4fee0ac91af6f.tar.bz2 nixpkgs-afd59811a1f4b2037d77293064a4fee0ac91af6f.tar.lz nixpkgs-afd59811a1f4b2037d77293064a4fee0ac91af6f.tar.xz nixpkgs-afd59811a1f4b2037d77293064a4fee0ac91af6f.tar.zst nixpkgs-afd59811a1f4b2037d77293064a4fee0ac91af6f.zip

gstreamer-*: 1.10.2 -> 1.10.3 for multiple CVEs

gst-plugins-bad:
From the Arch Linux advisory:
 - CVE-2017-5843 (arbitrary code execution): A double-free issue has
 been found in gstreamer before 1.10.3, in
 gst_mxf_demux_update_essence_tracks.

- CVE-2017-5848 (denial of service): An out-of-bounds read has been
  found in gstreamer before 1.10.3, in gst_ps_demux_parse_psm.
More: https://lwn.net/Vulnerabilities/713772/

gst-plugins-base:
From the Arch Linux advisory:

- CVE-2017-5837 (denial of service): A floating point exception issue
  has been found in gstreamer before 1.10.3, in
  gst_riff_create_audio_caps.

- CVE-2017-5839 (denial of service): An endless recursion issue
  leading to stack overflow has been found in gstreamer before 1.10.3,
  in gst_riff_create_audio_caps.

- CVE-2017-5842 (arbitrary code execution): An off-by-one write has
  been found in gstreamer before 1.10.3, in
  html_context_handle_element.

- CVE-2017-5844 (denial of service): A floating point exception issue
  has been found in gstreamer before 1.10.3, in
  gst_riff_create_audio_caps.
More: https://lwn.net/Vulnerabilities/713773/

gst-plugins-good:
From the Arch Linux advisory:

- CVE-2016-10198 (denial of service): An invalid memory read flaw has
  been found in gstreamer before 1.10.3, in
  gst_aac_parse_sink_setcaps.

- CVE-2016-10199 (denial of service): An out of bounds read has been
  found in gstreamer before 1.10.3, in qtdemux_tag_add_str_full.

- CVE-2017-5840 (denial of service): An out-of-bounds read has been
  found in gstreamer before 1.10.3, in qtdemux_parse_samples.

- CVE-2017-5841 (denial of service): An out-of-bounds read has been
  found in gstreamer before 1.10.3, in gst_avi_demux_parse_ncdt.

- CVE-2017-5845 (denial of service): An out-of-bounds read has been
  found in gstreamer before 1.10.3, in gst_avi_demux_parse_ncdt.
More: https://lwn.net/Vulnerabilities/713774/

gst-plugins-ugly:
From the Arch Linux advisory:

- CVE-2017-5846 (denial of service): An out-of-bounds read has been
  found in gstreamer before 1.10.3, in
  gst_asf_demux_process_ext_stream_props.

- CVE-2017-5847 (denial of service): An out-of-bounds read has been
  found in gstreamer before 1.10.3, in
  gst_asf_demux_process_ext_content_desc.
More: https://lwn.net/Vulnerabilities/713775/

gstreamer:
From the Arch Linux advisory:

An out of bounds read has been found in gstreamer before 1.10.3, in
gst_date_time_new_from_iso8601_string.
More: https://lwn.net/Vulnerabilities/713776/

Diffstat (limited to 'pkgs/os-specific/linux/nvidia-x11/builder.sh')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: