[Secure-testing-commits] r46500 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Nov 24 05:34:54 UTC 2016
Author: carnil
Date: 2016-11-24 05:34:53 +0000 (Thu, 24 Nov 2016)
New Revision: 46500
Modified:
data/CVE/list
Log:
CVEs assigned for gstreamer plugins
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-11-24 05:26:25 UTC (rev 46499)
+++ data/CVE/list 2016-11-24 05:34:53 UTC (rev 46500)
@@ -1,4 +1,4 @@
-CVE-2016-XXXX [heap corruption vulnerability in the gstreamer decoder for the FLIC file format]
+CVE-2016-9636
- gst-plugins-good1.0 <unfixed> (bug #845375)
- gst-plugins-good0.10 <removed>
NOTE: https://scarybeastsecurity.blogspot.ch/2016/11/0day-exploit-advancing-exploitation.html
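Review bot: the replacement header line `CVE-2016-9636` drops the bracketed description that the `CVE-2016-XXXX` placeholder carried, so the entry no longer says which flaw it tracks, while the CVE-2016-9560 entry further down keeps its description. Consider carrying the text over, e.g. `CVE-2016-9636 [heap corruption vulnerability in the gstreamer decoder for the FLIC file format]`.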
@@ -7,6 +7,24 @@
NOTE: Fixed by: https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=fec77de8cbb0c8192b77aff2e563705ba421f2f2
NOTE: Fixed by (later followed up): https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=45dcd0b9ccf33ed85cdafeb871a3781f5be57fd9
NOTE: Fixed by (later followed up): https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff
+CVE-2016-9635
+ - gst-plugins-good1.0 <unfixed> (bug #845375)
+ - gst-plugins-good0.10 <removed>
+ NOTE: https://scarybeastsecurity.blogspot.ch/2016/11/0day-exploit-advancing-exploitation.html
+ NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=774834
+ NOTE: Fixed by: https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=bf43f44fcfada5ec4a3ce60cb374340486fe9fac
+ NOTE: Fixed by: https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=fec77de8cbb0c8192b77aff2e563705ba421f2f2
+ NOTE: Fixed by (later followed up): https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=45dcd0b9ccf33ed85cdafeb871a3781f5be57fd9
+ NOTE: Fixed by (later followed up): https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff
+CVE-2016-9634
+ - gst-plugins-good1.0 <unfixed> (bug #845375)
+ - gst-plugins-good0.10 <removed>
+ NOTE: https://scarybeastsecurity.blogspot.ch/2016/11/0day-exploit-advancing-exploitation.html
+ NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=774834
+ NOTE: Fixed by: https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=bf43f44fcfada5ec4a3ce60cb374340486fe9fac
+ NOTE: Fixed by: https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=fec77de8cbb0c8192b77aff2e563705ba421f2f2
+ NOTE: Fixed by (later followed up): https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=45dcd0b9ccf33ed85cdafeb871a3781f5be57fd9
+ NOTE: Fixed by (later followed up): https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff
CVE-2016-9560 [stack-based buffer overflow in jpc_tsfb_getbands2 (jpc_tsfb.c)]
- jasper <removed>
NOTE: https://blogs.gentoo.org/ago/2016/11/20/jasper-stack-based-buffer-overflow-in-jpc_tsfb_getbands2-jpc_tsfb-c
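Review bot: the two added entries, CVE-2016-9635 and CVE-2016-9634, are identical apart from the id: same bug #845375, same NOTE URLs, same four "Fixed by" commits, and neither has a bracketed description. As written, nothing in the list distinguishes the two issues or says which commit addresses which id. Suggest adding a short description to each header line, as the CVE-2016-9560 entry has, and, if the commits can be attributed per issue, listing only the relevant ones under each id.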