Bug 19814 - gstreamer0.10-plugins-bad, gstreamer1.0-plugins-bad new security issue in VMWare screen capture file decoder (CVE-2016-944[56])
Summary: gstreamer0.10-plugins-bad, gstreamer1.0-plugins-bad new security issue in VMW...
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 5
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Shlomi Fish
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/706842/
Whiteboard:
Keywords:
Depends on: 20238
Blocks:
Reported: 2016-11-18 17:23 CET by David Walser
Modified: 2018-01-01 17:14 CET

See Also:
Source RPM: gstreamer0.10-plugins-bad, gstreamer1.0-plugins-bad
CVE:
Status comment:


Description David Walser 2016-11-18 17:23:44 CET
Debian has issued an advisory on November 17:
https://www.debian.org/security/2016/dsa-3717
David Walser 2016-11-18 17:23:55 CET

Whiteboard: (none) => MGA5TOO

Comment 1 Marja Van Waes 2016-11-18 18:21:57 CET
Assigning to gstreamer0.10-plugins-bad maintainer.

There's no gstreamer1.0-plugins-bad maintainer. CC'ing all packagers collectively.

I guess this report needs to be cloned for gstreamer1.0-plugins-bad, anyway?

CC: (none) => marja11, pkg-bugs
Assignee: bugsquad => shlomif

Comment 2 David Walser 2016-11-18 20:59:21 CET
CVE request and link to the upstream fix:
http://openwall.com/lists/oss-security/2016/11/18/12
Comment 3 David Walser 2016-11-19 20:38:28 CET
Appears to be fixed in Cauldron by Shlomi.

Version: Cauldron => 5
Whiteboard: MGA5TOO => (none)

Comment 4 David Walser 2016-11-20 17:15:59 CET
CVE-2016-944[56]:
http://openwall.com/lists/oss-security/2016/11/18/13

Summary: gstreamer0.10-plugins-bad, gstreamer1.0-plugins-bad new security issue in VMWare screen capture file decoder => gstreamer0.10-plugins-bad, gstreamer1.0-plugins-bad new security issue in VMWare screen capture file decoder (CVE-2016-944[56])

Comment 5 David Walser 2016-12-05 20:08:06 CET
CVE-2016-9809, CVE-2016-981[23] assigned for issues fixed in 1.10.2:
http://openwall.com/lists/oss-security/2016/12/05/8
Comment 6 David Walser 2016-12-08 19:53:18 CET
LWN reference for CVE-2016-9809:
https://lwn.net/Vulnerabilities/708524/
Comment 7 David Walser 2016-12-12 20:29:36 CET
LWN reference for CVE-2016-981[23]:
https://lwn.net/Vulnerabilities/708873/

Fedora has issued an advisory for this on December 9:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/IQKP5AYCCUOV4CJ6YAVAIDLWZRXEY7JG/
David Walser 2017-12-27 23:14:37 CET

Depends on: (none) => 20238

Comment 8 David Walser 2018-01-01 17:14:30 CET
Fixed in:
https://advisories.mageia.org/MGASA-2018-0012.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED

