1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-28 08:31:59 +00:00
nixpkgs/pkgs
Graham Christensen afd59811a1
gstreamer-*: 1.10.2 -> 1.10.3 for multiple CVEs
gst-plugins-bad:
From the Arch Linux advisory:
 - CVE-2017-5843 (arbitrary code execution): A double-free issue has
 been found in gstreamer before 1.10.3, in
 gst_mxf_demux_update_essence_tracks.

- CVE-2017-5848 (denial of service): An out-of-bounds read has been
  found in gstreamer before 1.10.3, in gst_ps_demux_parse_psm.
More: https://lwn.net/Vulnerabilities/713772/

gst-plugins-base:
From the Arch Linux advisory:

- CVE-2017-5837 (denial of service): A floating point exception issue
  has been found in gstreamer before 1.10.3, in
  gst_riff_create_audio_caps.

- CVE-2017-5839 (denial of service): An endless recursion issue
  leading to stack overflow has been found in gstreamer before 1.10.3,
  in gst_riff_create_audio_caps.

- CVE-2017-5842 (arbitrary code execution): An off-by-one write has
  been found in gstreamer before 1.10.3, in
  html_context_handle_element.

- CVE-2017-5844 (denial of service): A floating point exception issue
  has been found in gstreamer before 1.10.3, in
  gst_riff_create_audio_caps.
More: https://lwn.net/Vulnerabilities/713773/

gst-plugins-good:
From the Arch Linux advisory:

- CVE-2016-10198 (denial of service): An invalid memory read flaw has
  been found in gstreamer before 1.10.3, in
  gst_aac_parse_sink_setcaps.

- CVE-2016-10199 (denial of service): An out of bounds read has been
  found in gstreamer before 1.10.3, in qtdemux_tag_add_str_full.

- CVE-2017-5840 (denial of service): An out-of-bounds read has been
  found in gstreamer before 1.10.3, in qtdemux_parse_samples.

- CVE-2017-5841 (denial of service): An out-of-bounds read has been
  found in gstreamer before 1.10.3, in gst_avi_demux_parse_ncdt.

- CVE-2017-5845 (denial of service): An out-of-bounds read has been
  found in gstreamer before 1.10.3, in gst_avi_demux_parse_ncdt.
More: https://lwn.net/Vulnerabilities/713774/

gst-plugins-ugly:
From the Arch Linux advisory:

- CVE-2017-5846 (denial of service): An out-of-bounds read has been
  found in gstreamer before 1.10.3, in
  gst_asf_demux_process_ext_stream_props.

- CVE-2017-5847 (denial of service): An out-of-bounds read has been
  found in gstreamer before 1.10.3, in
  gst_asf_demux_process_ext_content_desc.
More: https://lwn.net/Vulnerabilities/713775/

gstreamer:
From the Arch Linux advisory:

An out of bounds read has been found in gstreamer before 1.10.3, in
gst_date_time_new_from_iso8601_string.
More: https://lwn.net/Vulnerabilities/713776/
2017-02-08 08:30:23 -05:00
..
applications taskwarrior: improve meta.description (taskwarrior has nothing to do with GTD) 2017-02-08 11:45:50 +01:00
build-support samba: Fix URL 2017-02-07 20:23:56 +01:00
data liberastika: init at 1.1.5 (#22420) 2017-02-04 16:38:01 +01:00
desktops gnome-vfs: Drop unused Samba dependency 2017-02-07 20:23:42 +01:00
development gstreamer-*: 1.10.2 -> 1.10.3 for multiple CVEs 2017-02-08 08:30:23 -05:00
games Merge branch 'staging' 2017-02-04 21:02:46 +01:00
misc Merge pull request #22285 from nand0p/electricsheep 2017-02-07 10:20:20 +01:00
os-specific grsecurity: 4.9.8-201702060653 -> 201702071801 2017-02-08 01:31:18 +01:00
servers Merge #22241: amdgpu-pro: 16.50 -> 16.60 2017-02-07 20:49:58 +01:00
shells bash-completion: 2.4 -> 2.5 2017-02-06 21:59:10 +01:00
stdenv Merge pull request #22387 from Ericson2314/cross-3-platforms 2017-02-05 17:41:31 -05:00
test
tools autorevision: use sed word delimiters for better precision 2017-02-07 17:12:25 +01:00
top-level Merge pull request #22468 from taktoa/souper 2017-02-08 09:20:43 +01:00