Hello community,
here is the log from the commit of package gstreamer-plugins-base for
openSUSE:Factory checked in at 2019-05-20 10:27:14
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/gstreamer-plugins-base (Old)
and /work/SRC/openSUSE:Factory/.gstreamer-plugins-base.new.5148 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gstreamer-plugins-base"
Mon May 20 10:27:14 2019 rev:59 rq:703584 version:1.14.4
Changes:
--------
---
/work/SRC/openSUSE:Factory/gstreamer-plugins-base/gstreamer-plugins-base.changes
2019-05-02 19:15:18.521163392 +0200
+++
/work/SRC/openSUSE:Factory/.gstreamer-plugins-base.new.5148/gstreamer-plugins-base.changes
2019-05-20 10:27:15.553938884 +0200
@@ -1,0 +2,6 @@
+Thu May 16 21:48:14 UTC 2019 - mgo...@suse.com
+
+- Add CVE-2019-9928.patch: fix a heap overflow in the rtsp
+ connection parser (boo#1133375 CVE-2019-9928).
+
+-------------------------------------------------------------------
New:
----
CVE-2019-9928.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ gstreamer-plugins-base.spec ++++++
--- /var/tmp/diff_new_pack.ZrZ8ZE/_old 2019-05-20 10:27:16.077938711 +0200
+++ /var/tmp/diff_new_pack.ZrZ8ZE/_new 2019-05-20 10:27:16.081938709 +0200
@@ -12,7 +12,7 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
@@ -30,6 +30,8 @@
Source1: gstreamer-plugins-base.appdata.xml
Source2: baselibs.conf
Patch0: 0001-id3tag-Correctly-validate-the-year-from-v1-tags-befo.patch
+# PATCh-FIX-UPSTREAM CVE-2019-9928.patch boo#1133375 mgo...@suse.com -- fix a
heap overflow in the rtsp connection parser.
+Patch1: CVE-2019-9928.patch
BuildRequires: Mesa-libGLESv3-devel
BuildRequires: cdparanoia-devel
@@ -458,6 +460,7 @@
%prep
%autosetup -n %{_name}-%{version} -p1
+
translation-update-upstream po gst-plugins-base-%{gst_branch}
%build
++++++ CVE-2019-9928.patch ++++++
>From f672277509705c4034bc92a141eefee4524d15aa Mon Sep 17 00:00:00 2001
From: Tobias Ronge <tobi...@axis.com>
Date: Thu, 14 Mar 2019 10:12:27 +0100
Subject: [PATCH] gstrtspconnection: Security loophole making heap overflow
The former code allowed an attacker to create a heap overflow by
sending a longer than allowed session id in a response and including a
semicolon to change the maximum length. With this change, the parser
will never go beyond 512 bytes.
---
gst-libs/gst/rtsp/gstrtspconnection.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gst-libs/gst/rtsp/gstrtspconnection.c
b/gst-libs/gst/rtsp/gstrtspconnection.c
index a6755bedd..c0429064a 100644
--- a/gst-libs/gst/rtsp/gstrtspconnection.c
+++ b/gst-libs/gst/rtsp/gstrtspconnection.c
@@ -2461,7 +2461,7 @@ build_next (GstRTSPBuilder * builder, GstRTSPMessage *
message,
maxlen = sizeof (conn->session_id) - 1;
/* the sessionid can have attributes marked with ;
* Make sure we strip them */
- for (i = 0; session_id[i] != '\0'; i++) {
+ for (i = 0; i < maxlen && session_id[i] != '\0'; i++) {
if (session_id[i] == ';') {
maxlen = i;
/* parse timeout */
--
2.20.1
