UbuntuUpdates.org

Package "libpipewire-0.3-modules"

Name: libpipewire-0.3-modules

Description:

libraries for the PipeWire multimedia server - modules

Latest version: 1.0.5-1ubuntu3.3
Release: noble (24.04)
Level: updates
Repository: main
Head package: pipewire
Homepage: https://pipewire.org/

Links


Download "libpipewire-0.3-modules"


Other versions of "libpipewire-0.3-modules" in Noble

Repository Area Version
base main 1.0.5-1
security main 1.0.5-1ubuntu3.3

Changelog

Version: 1.0.5-1ubuntu3.3 2026-07-13 22:09:27 UTC

  pipewire (1.0.5-1ubuntu3.3) noble-security; urgency=medium

  * SECURITY UPDATE: NULL pointer dereference in RAOP module.
    - debian/patches/CVE-2026-14324.patch: limit RTSP content-length and
      check allocation in src/modules/module-raop/rtsp-client.c
    - CVE-2026-14324
  * SECURITY UPDATE: Denial of service in Pulse module.
    - debian/patches/CVE-2026-14330-pre1.patch: Add a MAX_ALLOCA_SIZE limit
      and check element counts before each alloca() call in
      src/modules/module-protocol-pulse/pulse-server.c
    - debian/patches/CVE-2026-14330.patch: Make a function like alloca but
      with overflow checks and a max allocation size in
      spa/include/spa/utils/defs.h, spa/plugins/audioconvert/audioadapter.c,
      src/modules/module-protocol-pulse/defs.h,
      src/modules/module-protocol-pulse/message.c,
      src/modules/module-protocol-pulse/pulse-server.c,
      src/pipewire/buffers.c, and src/pipewire/impl-node.c
    - CVE-2026-14330

 -- Kyle Kernick <email address hidden> Wed, 08 Jul 2026 17:47:47 -0600

Source diff to previous version
CVE-2026-14324 RAOP module accepts unbounded Content-Length values and does not check the pw_array_add() return.
CVE-2026-14330 Multiple unbounded alloca() calls in the PulseAudio protocol server.

Version: 1.0.5-1ubuntu3.2 2025-12-16 10:37:02 UTC

  pipewire (1.0.5-1ubuntu3.2) noble; urgency=medium

  * Fix v4l2oopback devices not work with pipewire (LP: #2131647)
    - d/p/v4l2-queue-dropped-first-buffer-again.patch
    - d/p/v4l2-probe-number-of-buffers-as-well.patch
    - d/p/v4l2-use-a-separate-flag-to-skip-the-first-buffer.patch
    - d/p/v4l2-Add-mmap-fallback-when-USERPTR-is-not-supported.patch

 -- Dirk Su <email address hidden> Mon, 17 Nov 2025 16:02:03 +0800

Source diff to previous version
2131647 pipewire failed to work with v4l2loopback devices

Version: 1.0.5-1ubuntu3.1 2025-07-09 20:56:40 UTC

  pipewire (1.0.5-1ubuntu3.1) noble; urgency=medium

  * Fix duplicated audio samples played after silence (LP: #2100497)
    - d/p/lp2100497_0001-pulse-server-make-a-function-to-silence-a-buffer.patch
    - d/p/lp2100497_0002-pulse-server-clear-old-data-when-jumping-forwards.patch

 -- Ioanna Alifieraki <email address hidden> Tue, 29 Apr 2025 15:53:42 +0000

Source diff to previous version
2100497 Duplicated audio sample played after silence

Version: 1.0.5-1ubuntu3 2025-02-26 21:06:56 UTC

  pipewire (1.0.5-1ubuntu3) noble; urgency=medium

  * debian/patches/git_fix_videoacl.patch:
    - replace our incomplete cherry pick by the version that landed
      upstream as part of merge request #2145 (lp: #2061687)

 -- Nathan Pratta Teodosio <email address hidden> Thu, 13 Feb 2025 21:37:23 +0100

Source diff to previous version
2061687 Snapshot doesn't work until camera is unplugged and plugged back in or pipewire or wireplumber is restarted

Version: 1.0.5-1ubuntu2 2024-11-07 16:07:04 UTC

  pipewire (1.0.5-1ubuntu2) noble; urgency=medium

  * d/p/snapshot: Fix missing V4L2 sources that manifest in Snapshot failing
    to find a camera (LP: #2061687).

 -- Nathan Pratta Teodosio <email address hidden> Tue, 08 Oct 2024 17:02:49 +0200

2061687 Snapshot doesn't work until camera is unplugged and plugged back in or pipewire or wireplumber is restarted



About   -   Send Feedback to @ubuntu_updates