[Secure-testing-commits] r48666 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Thu Feb 2 16:30:10 UTC 2017
Author: jmm
Date: 2017-02-02 16:30:10 +0000 (Thu, 02 Feb 2017)
New Revision: 48666
Modified:
data/CVE/list
Log:
new gstreamer issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-02-02 15:53:08 UTC (rev 48665)
+++ data/CVE/list 2017-02-02 16:30:10 UTC (rev 48666)
@@ -1,3 +1,73 @@
+CVE-2017-5848 [gst-plugins-bad/mpegdemux: Invalid memory read in gst_ps_demux_parse_psm]
+ - gst-plugins-bad1.0 <unfixed> (low)
+ - gst-plugins-bad0.10 <undetermined>
+ NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
+ NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777957
+CVE-2017-5847 [gst-plugins-ugly/asfdemux: out of bounds read in gst_asf_demux_process_ext_content_desc]
+ - gst-plugins-ugly1.0 <unfixed> (low)
+ - gst-plugins-ugly0.10 <undetermined>
+ NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
+ NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777955
+CVE-2017-5846 [gst-plugins-ugly/asfdemux: invalid memory read in gst_asf_demux_process_ext_stream_props()]
+ - gst-plugins-ugly1.0 1.10.3-1 (low)
+ - gst-plugins-ugly0.10 <undetermined>
+ NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
+ NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777937
+CVE-2017-5845 [gst-plugins-good/avidemux: invalid memory read in gst_avi_demux_parse_ncdt]
+ - gst-plugins-good1.0 1.10.3-1 (low)
+ - gst-plugins-good0.10 <undetermined>
+ NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
+ NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777532
+CVE-2017-5844 [gst-plugins-base: floating point exception in gst_riff_create_audio_caps (another one)]
+ - gst-plugins-base1.0 1.10.3-1 (low)
+ - gst-plugins-base0.10 <undetermined>
+ NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
+ NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777525
+CVE-2017-5843 [gst-plugins-bad/mxfdemux: use after free in gst_mini_object_unref / gst_tag_list_unref / gst_mxf_demux_update_essence_tracks]
+ - gst-plugins-bad1.0 1.10.3-1
+ - gst-plugins-bad0.10 <undetermined>
+ NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
+ NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777503
+CVE-2017-5842 [gst-plugins-base/samiparse: heap oob in html_context_handle_element]
+ - gst-plugins-base1.0 1.10.3-1
+ - gst-plugins-base0.10 <undetermined>
+ NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
+ NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777502
+CVE-2017-5841 [gst-plugins-good/avidemux: gst_avi_demux_parse_ncdt heap out of bounds read]
+ - gst-plugins-good1.0 1.10.3-1 (low)
+ - gst-plugins-good0.10 <undetermined>
+ NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
+ NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777500
+CVE-2017-5840 [gst-plugins-good/qtdemux: out of bounds heap read in qtdemux_parse_samples]
+ - gst-plugins-good1.0 1.10.3-1 (low)
+ - gst-plugins-good0.10 <undetermined>
+ NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
+ NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777469
+CVE-2017-5839 [gst-plugins-base/riff: stack overflow in gst_riff_create_audio_caps]
+ - gst-plugins-base1.0 1.10.3-1
+ - gst-plugins-base0.10 <undetermined>
+ NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
+ NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777265
+CVE-2017-5838 [gstreamer core/datetime: out of bounds read in gst_date_time_new_from_iso8601_string()]
+ - gstreamer1.0 1.10.3-1 (low)
+ - gstreamer0.10 <undetermined>
+ NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
+ NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777263
+CVE-2017-5837 [gst-plugins-base/riff-media: floating point exception in gst_riff_create_audio_caps]
+ - gst-plugins-base1.0 1.10.3-1 (low)
+ - gst-plugins-base0.10 <undetermined>
+ NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
+ NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777262
+CVE-2016-10199 [gst-plugins-good/qtdemux: out of bounds read in qtdemux_tag_add_str_full]
+ - gst-plugins-good1.0 1.10.3-1 (low)
+ - gst-plugins-good0.10 <undetermined>
+ NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
+ NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=775451
+CVE-2016-10198 [gstreamer invalid memory read in gst_aac_parse_sink_setcaps]
+ - gst-plugins-good1.0 1.10.3-1 (low)
+ - gst-plugins-good0.10 <undetermined>
+ NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
+ NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=775450
CVE-2016-XXXX [iio-sensor-proxy: insecure dbus policy]
- iio-sensor-proxy 2.0-4 (bug #853951)
CVE-2016-10192 [ffmpeg ffserver.c]
More information about the Secure-testing-commits
mailing list