Author: jmm
Date: 2017-02-02 16:30:10 +0000 (Thu, 02 Feb 2017)
New Revision: 48666
Modified: data/CVE/list Log: new gstreamer issues Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-02-02 15:53:08 UTC (rev 48665) +++ data/CVE/list 2017-02-02 16:30:10 UTC (rev 48666) 
@@ -1,3 +1,73 @@ +CVE-2017-5848 [gst-plugins-bad/mpegdemux: Invalid memory read in gst_ps_demux_parse_psm] + - gst-plugins-bad1.0 <unfixed> (low) + - gst-plugins-bad0.10 <undetermined> + NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7 + NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777957 +CVE-2017-5847 [gst-plugins-ugly/asfdemux: out of bounds read in gst_asf_demux_process_ext_content_desc] + - gst-plugins-ugly1.0 <unfixed> (low) + - gst-plugins-ugly0.10 <undetermined> + NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7 + NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777955 +CVE-2017-5846 [gst-plugins-ugly/asfdemux: invalid memory read in gst_asf_demux_process_ext_stream_props()] + - gst-plugins-ugly1.0 1.10.3-1 (low) + - gst-plugins-ugly0.10 <undetermined> + NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7 + NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777937 +CVE-2017-5845 [gst-plugins-good/avidemux: invalid memory read in gst_avi_demux_parse_ncdt] + - gst-plugins-good1.0 1.10.3-1 (low) + - gst-plugins-good0.10 <undetermined> + NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7 + NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777532 +CVE-2017-5844 [gst-plugins-base: floating point exception in gst_riff_create_audio_caps (another one)] + - gst-plugins-base1.0 1.10.3-1 (low) + - gst-plugins-base0.10 <undetermined> + NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7 + NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777525 +CVE-2017-5843 [gst-plugins-bad/mxfdemux: use after free in gst_mini_object_unref / gst_tag_list_unref / gst_mxf_demux_update_essence_tracks] + - gst-plugins-bad1.0 1.10.3-1 + - gst-plugins-bad0.10 <undetermined> + NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7 + NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777503 +CVE-2017-5842 [gst-plugins-base/samiparse: heap oob in html_context_handle_element] + - gst-plugins-base1.0 1.10.3-1 + - gst-plugins-base0.10 
<undetermined> + NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7 + NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777502 +CVE-2017-5841 [gst-plugins-good/avidemux: gst_avi_demux_parse_ncdt heap out of bounds read] + - gst-plugins-good1.0 1.10.3-1 (low) + - gst-plugins-good0.10 <undetermined> + NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7 + NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777500 +CVE-2017-5840 [gst-plugins-good/qtdemux: out of bounds heap read in qtdemux_parse_samples] + - gst-plugins-good1.0 1.10.3-1 (low) + - gst-plugins-good0.10 <undetermined> + NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7 + NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777469 +CVE-2017-5839 [gst-plugins-base/riff: stack overflow in gst_riff_create_audio_caps] + - gst-plugins-base1.0 1.10.3-1 + - gst-plugins-base0.10 <undetermined> + NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7 + NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777265 +CVE-2017-5838 [gstreamer core/datetime: out of bounds read in gst_date_time_new_from_iso8601_string()] + - gstreamer1.0 1.10.3-1 (low) + - gstreamer0.10 <undetermined> + NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7 + NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777263 +CVE-2017-5837 [gst-plugins-base/riff-media: floating point exception in gst_riff_create_audio_caps] + - gst-plugins-base1.0 1.10.3-1 (low) + - gst-plugins-base0.10 <undetermined> + NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7 + NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777262 +CVE-2016-10199 [gst-plugins-good/qtdemux: out of bounds read in qtdemux_tag_add_str_full] + - gst-plugins-good1.0 1.10.3-1 (low) + - gst-plugins-good0.10 <undetermined> + NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7 + NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=775451 +CVE-2016-10198 [gstreamer invalid memory read in gst_aac_parse_sink_setcaps] + - gst-plugins-good1.0 1.10.3-1 
(low) + - gst-plugins-good0.10 <undetermined> + NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7 + NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=775450 CVE-2016-XXXX [iio-sensor-proxy: insecure dbus policy] - iio-sensor-proxy 2.0-4 (bug #853951) CVE-2016-10192 [ffmpeg ffserver.c]
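Review bot: the last added entry, CVE-2016-10198, is described as "gstreamer invalid memory read in gst_aac_parse_sink_setcaps" with no "package:" or "package/element:" prefix, unlike every other entry added here, even though its package lines track it under gst-plugins-good1.0 and gst-plugins-good0.10. Starting the description with "gst-plugins-good:" would keep it consistent with the rest of the block and findable by source package. In the same hunk, "(another one)" on CVE-2017-5844 does not say how it differs from CVE-2017-5837, which names the same function gst_riff_create_audio_caps and the same floating point exception. A short distinguishing detail taken from bug 777525 would let a reader tell the two apart without opening both reports.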

