Ubuntu has issued an advisory on August 8: https://ubuntu.com/security/notices/USN-5555-1 Mageia 8 is also affected.
CC: (none) => jani.valimaa
Status comment: (none) => Patches available from upstream and Ubuntu
Whiteboard: (none) => MGA8TOO
This is a 'nobody' package, so assigning it globally. wally has touched it quite a lot for new versions; you are already CC'd.
Assignee: bugsquad => pkg-bugs
According to upstream only versions before 1.20.3 are affected. Cauldron is already fixed with gst 1.20.3.
Version: Cauldron => 8
Whiteboard: MGA8TOO => (none)
Source RPM: gstreamer1.0-plugins-good-1.20.3-2.mga9.src.rpm => gstreamer1.0-plugins-good-1.18.5-1.mga8
Pushed gstreamer1.0-plugins-good-1.18.5-1.1.mga8 to mga8 core/updates_testing with patches from upstream.
GStreamer-SA-2022-0001 (CVE-2022-1921): https://gstreamer.freedesktop.org/security/sa-2022-0001.html
GStreamer-SA-2022-0002 (CVE-2022-1922) (CVE-2022-1923) (CVE-2022-1924) (CVE-2022-1925): https://gstreamer.freedesktop.org/security/sa-2022-0002.html
GStreamer-SA-2022-0003 (CVE-2022-2122): https://gstreamer.freedesktop.org/security/sa-2022-0003.html
GStreamer-SA-2022-0004 (CVE-2022-1920): https://gstreamer.freedesktop.org/security/sa-2022-0004.html
Assignee: pkg-bugs => qa-bugs
Debian has issued an advisory for this on August 9: https://www.debian.org/security/2022/dsa-5204
Status comment: Patches available from upstream and Ubuntu => (none)
MGA8-64 Plasma on Acer Aspire 5253 No installation issues. Tried all sorts of media with VLC-player, clementine and from newspaper site in Firefox. All OK. But I have no idea how these would involve this update. If judged sufficient, I'll have no problem that this update would go thru.
CC: (none) => herman.viaene
MGA8 64 XFCE No installation issues. Tested with VLC on MP3 and AVI files and web radio. Firefox spotify and Netflix. Like Herman I don't know if it's sufficient to validate this rpm.
CC: (none) => guillaume.royer
Tested in a VirtualBox mga8-64 Plasma guest. After reading Comment 5 and Comment 6, I tried "urpmq --whatrequires" and "urpmq --whatrequires-recursive" on this package and got a list, but vlc wasn't on it. So, I must conclude that vlc doesn't use it. Some other video players were on it, though: parole, totem, xplayer. I chose parole, as it's described as being based on gstreamer. I ran parole, played a few videos, then went after the update using Qarepo. No installation issues. After the update I used parole again to play portions of the videos, with no issues. Just for good measure, I also installed totem, and played portions of another assortment of videos, also with no issues. OKing, and validating.
Whiteboard: (none) => MGA8-64-OK
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
CC: (none) => davidwhodgins
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0322.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED