Debian has issued an advisory on November 17: https://www.debian.org/security/2016/dsa-3717
Whiteboard: (none) => MGA5TOO
Assigning to gstreamer0.10-plugins-bad maintainer. There's no gstreamer1.0-plugins-bad maintainer. CC'ing all packagers collectively. I guess this report needs to be cloned for gstreamer1.0-plugins-bad, anyway?
CC: (none) => marja11, pkg-bugsAssignee: bugsquad => shlomif
CVE request and link to the upstream fix: http://openwall.com/lists/oss-security/2016/11/18/12
Appears to be fixed in Cauldron by Shlomi.
Version: Cauldron => 5Whiteboard: MGA5TOO => (none)
CVE-2016-944[56]: http://openwall.com/lists/oss-security/2016/11/18/13
Summary: gstreamer0.10-plugins-bad, gstreamer1.0-plugins-bad new security issue in VMWare screen capture file decoder => gstreamer0.10-plugins-bad, gstreamer1.0-plugins-bad new security issue in VMWare screen capture file decoder (CVE-2016-944[56])
CVE-2016-9809, CVE-2016-981[23] assigned for issues fixed in 1.10.2: http://openwall.com/lists/oss-security/2016/12/05/8
LWN reference for CVE-2016-9809: https://lwn.net/Vulnerabilities/708524/
LWN reference for CVE-2016-981[23]: https://lwn.net/Vulnerabilities/708873/ Fedora has issued an advisory for this on December 9: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/IQKP5AYCCUOV4CJ6YAVAIDLWZRXEY7JG/
Depends on: (none) => 20238
Fixed in: https://advisories.mageia.org/MGASA-2018-0012.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED