diff options
author | Graham Christensen <graham@grahamc.com> | 2017-02-08 08:27:59 -0500 |
---|---|---|
committer | Graham Christensen <graham@grahamc.com> | 2017-02-08 08:30:23 -0500 |
commit | afd59811a1f4b2037d77293064a4fee0ac91af6f (patch) | |
tree | 9ef83d1f24bee63529c8359105f930658bfea4e5 /pkgs/development/libraries/gstreamer/libav | |
parent | 9d30099b7f6b7f5bef6abd6dc240ada3a666112c (diff) |
gstreamer-*: 1.10.2 -> 1.10.3 for multiple CVEs
gst-plugins-bad:
From the Arch Linux advisory:
- CVE-2017-5843 (arbitrary code execution): A double-free issue has
been found in gstreamer before 1.10.3, in
gst_mxf_demux_update_essence_tracks.
- CVE-2017-5848 (denial of service): An out-of-bounds read has been
found in gstreamer before 1.10.3, in gst_ps_demux_parse_psm.
More: https://lwn.net/Vulnerabilities/713772/
gst-plugins-base:
From the Arch Linux advisory:
- CVE-2017-5837 (denial of service): A floating point exception issue
has been found in gstreamer before 1.10.3, in
gst_riff_create_audio_caps.
- CVE-2017-5839 (denial of service): An endless recursion issue
leading to stack overflow has been found in gstreamer before 1.10.3,
in gst_riff_create_audio_caps.
- CVE-2017-5842 (arbitrary code execution): An off-by-one write has
been found in gstreamer before 1.10.3, in
html_context_handle_element.
- CVE-2017-5844 (denial of service): A floating point exception issue
has been found in gstreamer before 1.10.3, in
gst_riff_create_audio_caps.
More: https://lwn.net/Vulnerabilities/713773/
gst-plugins-good:
From the Arch Linux advisory:
- CVE-2016-10198 (denial of service): An invalid memory read flaw has
been found in gstreamer before 1.10.3, in
gst_aac_parse_sink_setcaps.
- CVE-2016-10199 (denial of service): An out of bounds read has been
found in gstreamer before 1.10.3, in qtdemux_tag_add_str_full.
- CVE-2017-5840 (denial of service): An out-of-bounds read has been
found in gstreamer before 1.10.3, in qtdemux_parse_samples.
- CVE-2017-5841 (denial of service): An out-of-bounds read has been
found in gstreamer before 1.10.3, in gst_avi_demux_parse_ncdt.
- CVE-2017-5845 (denial of service): An out-of-bounds read has been
found in gstreamer before 1.10.3, in gst_avi_demux_parse_ncdt.
More: https://lwn.net/Vulnerabilities/713774/
gst-plugins-ugly:
From the Arch Linux advisory:
- CVE-2017-5846 (denial of service): An out-of-bounds read has been
found in gstreamer before 1.10.3, in
gst_asf_demux_process_ext_stream_props.
- CVE-2017-5847 (denial of service): An out-of-bounds read has been
found in gstreamer before 1.10.3, in
gst_asf_demux_process_ext_content_desc.
More: https://lwn.net/Vulnerabilities/713775/
gstreamer:
From the Arch Linux advisory:
An out of bounds read has been found in gstreamer before 1.10.3, in
gst_date_time_new_from_iso8601_string.
More: https://lwn.net/Vulnerabilities/713776/
Diffstat (limited to 'pkgs/development/libraries/gstreamer/libav')
-rw-r--r-- | pkgs/development/libraries/gstreamer/libav/default.nix | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/pkgs/development/libraries/gstreamer/libav/default.nix b/pkgs/development/libraries/gstreamer/libav/default.nix index 447b679898a4..32000bb89a02 100644 --- a/pkgs/development/libraries/gstreamer/libav/default.nix +++ b/pkgs/development/libraries/gstreamer/libav/default.nix @@ -9,7 +9,7 @@ assert withSystemLibav -> libav != null; stdenv.mkDerivation rec { - name = "gst-libav-1.10.2"; + name = "gst-libav-1.10.3"; meta = { homepage = "http://gstreamer.freedesktop.org"; @@ -19,7 +19,7 @@ stdenv.mkDerivation rec { src = fetchurl { url = "${meta.homepage}/src/gst-libav/${name}.tar.xz"; - sha256 = "0g778j7w4vpbhwjzyrzpajvr26nxm6vqby84v8g1w1hz44v71pd3"; + sha256 = "1aajayv63ardkbmcg7pnh2d87r067325a5wzinwihaw6n5jw2sws"; }; outputs = [ "out" "dev" ]; |