On 23.11.2016 01:57, Michael Catanzaro wrote: > Hi, > > Is anybody working on fixing [1]? > > The exploit is a little impractical in that it only works if you have > not updated any F24 base packages except GStreamer, but we should still > fix it. I don't see any GStreamer updates in bodhi yet.
on a related note, i notice that i have this package installed, which i haven't requested to be installed: >> rpm -qa | grep gstreamer1-plugins > gstreamer1-plugins-base-devel-1.8.3-1.fc24.x86_64 > gstreamer1-plugins-bad-free-1.8.3-1.fc24.x86_64 > gstreamer1-plugins-good-1.8.3-1.fc24.x86_64 > gstreamer1-plugins-base-1.8.3-1.fc24.x86_64 >> dnf -C info gstreamer1-plugins-bad-free > Last metadata expiration check: 0:57:12 ago on Wed Nov 23 10:44:37 2016. > Installed Packages > Name : gstreamer1-plugins-bad-free > Arch : x86_64 > Epoch : 0 > Version : 1.8.3 > Release : 1.fc24 > Size : 5.4 M > Repo : @System > From repo : updates > Summary : GStreamer streaming media framework "bad" plugins > URL : http://gstreamer.freedesktop.org/ > License : LGPLv2+ and LGPLv2 > Description : GStreamer is a streaming media framework, based on graphs of > : elements which operate on media data. > : > : This package contains plug-ins that aren't tested well enough, > or > : the code is not of good enough quality. so to their credit the upstream authors in this case are honest enough that their C code is full of holes and shouldn't be used by anybody; however: >> dnf remove gstreamer1-plugins-bad-free > Dependencies resolved. > ================================================================================ > Package Arch Version Repository > Size > ================================================================================ > Removing: > PackageKit-Qt5 x86_64 0.9.5-6.fc24 @@commandline 330 > k > appstream x86_64 0.9.8-3.fc24 @updates 670 > k > appstream-qt x86_64 0.9.8-3.fc24 @updates 92 > k > breeze-cursor-theme noarch 5.7.5-1.fc24 @updates 11 > M > cheese x86_64 2:3.20.2-1.fc24 @@commandline 406 > k > cln x86_64 1.3.4-4.fc24 @@commandline 1.5 > M > empathy x86_64 3.12.12-2.fc24 @updates 15 > M > f23-backgrounds-kde noarch 23.1.0-2.fc24 @@commandline 211 > f23-kde-theme noarch 23.0-6.fc24 @@commandline 4.4 > M > f24-backgrounds-kde noarch 24.1.2-1.fc24 @@commandline 211 > f24-kde-theme noarch 24.5-1.fc24 @@commandline 2.4 > M > f24-kde-theme-core x86_64 5.7.5-2.fc24 @updates 169 > k > farstream02 x86_64 0.2.7-3.fc24 @@commandline 695 > k > gnome-dvb-daemon x86_64 0.2.91-0.2.20160917git2d32148.fc24 > @updates 2.1 > M > gstreamer1-plugins-bad-free x86_64 1.8.3-1.fc24 @updates 5.4 > M > gstreamer1-rtsp-server x86_64 1.8.3-1.fc24 @updates 361 > k > hplip-gui x86_64 3.16.10-1.fc24 @updates 2.1 > M > kactivitymanagerd x86_64 5.7.5-1.fc24 @updates 682 > k > kde-cli-tools x86_64 5.7.5-1.fc24 @updates 3.4 > M > kde-settings-plasma noarch 24-7.fc24 @updates 3.4 > k > kdecoration x86_64 5.7.5-1.fc24 @updates 185 > k > kf5-bluez-qt x86_64 5.27.0-1.fc24 @updates 700 > k > kf5-frameworkintegration x86_64 5.27.0-1.fc24 @updates 1.6 > M > kf5-frameworkintegration-libs x86_64 5.27.0-1.fc24 @updates 66 > k > kf5-kactivities-stats x86_64 5.27.0-1.fc24 @updates 290 > k > kf5-kdnssd x86_64 5.27.0-1.fc24 @updates 247 > k > kf5-kdoctools x86_64 5.27.0-1.fc24 @updates 2.2 > M > kf5-kemoticons x86_64 5.27.0-1.fc24 @updates 2.2 > M > kf5-kholidays x86_64 16.08.2-1.fc24 @updates 708 > k > kf5-kjsembed x86_64 5.27.0-1.fc24 @updates 1.7 > M > kf5-kpeople x86_64 5.27.0-1.fc24 @updates 465 > k > kf5-kwayland x86_64 5.27.0-1.fc24 @updates 1.3 > M > kf5-kxmlrpcclient x86_64 5.27.0-1.fc24 @updates 123 > k > kf5-networkmanager-qt x86_64 5.27.0-1.fc24 @updates 1.3 > M > khotkeys x86_64 5.7.5-1.fc24 @updates 2.3 > M > kio-extras x86_64 16.08.2-1.fc24 @updates 1.9 > M > kmenuedit x86_64 5.7.5-1.fc24 @updates 1.5 > M > konsole5 x86_64 16.08.2-1.fc24 @updates 474 > k > konsole5-part x86_64 16.08.2-1.fc24 @updates 1.4 > M > kscreenlocker x86_64 5.7.5-1.fc24 @updates 669 > k > kwin x86_64 5.7.5-1.fc24 @updates 67 > k > kwin-common x86_64 5.7.5-1.fc24 @updates 13 > M > kwin-libs x86_64 5.7.5-1.fc24 @updates 4.2 > M > kwrited x86_64 5.7.5-1.fc24 @updates 55 > k > libkscreen-qt5 x86_64 5.7.5-1.fc24 @updates 926 > k > libkworkspace5 x86_64 5.7.5-2.fc24 @updates 194 > k > libpurple x86_64 2.11.0-1.fc24 @@commandline 29 > M > libqalculate x86_64 0.9.7-17.fc24 @@commandline 5.5 > M > oxygen-fonts x86_64 5.4.3-2.fc24 @@commandline 0 > oxygen-sound-theme noarch 5.7.5-1.fc24 @updates 1.9 > M > plasma-breeze x86_64 5.7.5-1.fc24 @updates 1.1 > M > plasma-breeze-common noarch 5.7.5-1.fc24 @updates 10 > M > plasma-desktop x86_64 5.7.5-1.fc24 @updates 27 > M > plasma-discover x86_64 5.7.5-1.fc24 @updates 781 > k > plasma-discover-libs x86_64 5.7.5-1.fc24 @updates 2.1 > M > plasma-integration x86_64 5.7.5-1.fc24 @updates 316 > k > plasma-milou x86_64 5.7.5-1.fc24 @updates 265 > k > plasma-pa x86_64 5.7.5-1.fc24 @updates 648 > k > plasma-systemsettings x86_64 5.7.5-1.fc24 @updates 945 > k > plasma-workspace x86_64 5.7.5-2.fc24 @updates 19 > M > plasma-workspace-common x86_64 5.7.5-2.fc24 @updates 44 > k > plasma-workspace-drkonqi x86_64 5.7.5-2.fc24 @updates 4.8 > M > plasma-workspace-geolocation x86_64 5.7.5-2.fc24 @updates 169 > k > plasma-workspace-geolocation-libs x86_64 5.7.5-2.fc24 @updates 40 > k > plasma-workspace-libs x86_64 5.7.5-2.fc24 @updates 6.0 > M > polkit-kde x86_64 5.7.5-1.fc24 @updates 245 > k > powerdevil x86_64 5.7.5-1.fc24 @updates 2.1 > M > python-qt5-rpm-macros noarch 5.6-4.fc24 @updates 137 > python3-qt5 x86_64 5.6-4.fc24 @updates 22 > M > qt5-qdbusviewer x86_64 5.6.1-2.fc24 @updates 133 > k > qt5-qtconnectivity x86_64 5.6.1-2.fc24 @updates 1.3 > M > qt5-qtenginio x86_64 1:1.6.1-2.fc24 @updates 589 > k > qt5-qtgraphicaleffects x86_64 5.6.1-1.fc24 @updates 1.9 > M > qt5-qtimageformats x86_64 5.6.1-1.fc24 @updates 348 > k > qt5-qtmultimedia x86_64 5.6.1-3.fc24 @updates 3.1 > M > qt5-qtwebsockets x86_64 5.6.1-2.fc24 @updates 230 > k > scim-libs x86_64 1.4.17-1.fc24 @@commandline 1.1 > M > telepathy-farstream x86_64 0.6.1-7.fc24 @@commandline 195 > k > telepathy-haze x86_64 0.8.0-3.fc22 @System 231 > k > totem x86_64 1:3.20.1-1.fc24 @@commandline 7.4 > M > totem-nautilus x86_64 1:3.20.1-1.fc24 @@commandline 31 > k > xcb-util-cursor x86_64 0.1.2-3.fc24 @@commandline 27 > k > > Transaction Summary > ================================================================================ > Remove 82 Packages > > Installed size: 242 M > Is this ok [y/N]: looks like both core Gnome apps and Qt5/KDE have apparently managed to grow dependencies on the toxic codecs. _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org
