Bug#847417: depends on gstreamer-plugins-bad, which is an ongoing source of security holes
biebl at debian.org
Fri Dec 9 22:08:01 UTC 2016
Am 08.12.2016 um 03:01 schrieb Joey Hess:
> Package: gnome-video-effects
> Version: 0.4.1-3
> Severity: normal
> gstreamer-plugins-bad has been in the news at least twice recently for
> security holes.
> It seems likely that it will continue to be a source of such security
This doesn't immediately address your concern, but I just uploaded
tracker including this change:
"tracker-extract: Sandbox extractor threads. Filesystem and network
access are limited to being read and local only."
> I wanted to remove gstreamer-plugins-bad from my system, but this would
> remove gnome-video-effects, which would remove cheese. I don't know why
> cheese needs a ton of insecurely implemented codecs for playing Nintendo
> games etc in order to take snapshots and record videos. Probably it doesn't?
gnome-video-effects is just one of many others depending on
gstreamer-plugins-bad, and I guess we have to check each and every one
Laurent, this dependency was originally added by you. Do you remember
the details and why this needs to be a hard dependency? The only real
dependency of gnome-video-effects is cheese, would some of the cheese
features not work if gstreamer-plugins-bad was not installed?
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: OpenPGP digital signature
More information about the pkg-gnome-maintainers