UbuntuUpdates.org

Package "gst-plugins-good1.0"

Name: gst-plugins-good1.0

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • GStreamer plugins from the "good" set
  • GStreamer plugins from the "good" set
  • GStreamer documentation for plugins from the "good" set
  • GStreamer plugin for PulseAudio

Latest version: 1.2.4-1~ubuntu1.4
Release: trusty (14.04)
Level: security
Repository: main

Links



Other versions of "gst-plugins-good1.0" in Trusty

Repository Area Version
base main 1.2.3-1ubuntu2
updates main 1.2.4-1~ubuntu1.4

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.2.4-1~ubuntu1.4 2017-03-27 18:06:58 UTC

  gst-plugins-good1.0 (1.2.4-1~ubuntu1.4) trusty-security; urgency=medium

  * SECURITY UPDATE: DoS in gst_aac_parse_sink_setcaps
    - debian/patches/CVE-2016-10198.patch: make sure there's enough data in
      gst/audioparsers/gstaacparse.c.
    - CVE-2016-10198
  * SECURITY UPDATE: DoS in qtdemux_tag_add_str_full
    - debian/patches/CVE-2016-10199.patch: fix out of bounds read in
      gst/isomp4/qtdemux.c.
    - CVE-2016-10199
  * SECURITY UPDATE: DoS in qtdemux_parse_samples
    - debian/patches/CVE-2017-5840.patch: properly increment stts index in
      gst/isomp4/qtdemux.c.
    - CVE-2017-5840

 -- Marc Deslauriers <email address hidden> Thu, 23 Mar 2017 10:43:40 -0400

Source diff to previous version
CVE-2016-1019 Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code
CVE-2017-5840 The qtdemux_parse_samples function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial o

Version: 1.2.4-1~ubuntu1.3 2016-11-28 14:07:04 UTC

  gst-plugins-good1.0 (1.2.4-1~ubuntu1.3) trusty-security; urgency=medium

  * SECURITY UPDATE: incomplete fix for flx decoder
    - debian/patches/flxdec-bounds3.patch: don't unref() parent in the
      chain function in gst/flx/gstflxdec.c.
    - debian/patches/flxdec-bounds4.patch: rewrite logic based on
      GstByteReader/Writer in gst/flx/flx_fmt.h, gst/flx/gstflxdec.c,
      gst/flx/gstflxdec.h.
    - No CVE number

 -- Marc Deslauriers <email address hidden> Fri, 25 Nov 2016 13:20:49 -0500

Source diff to previous version

Version: 1.2.4-1~ubuntu1.1 2016-11-22 21:06:47 UTC

  gst-plugins-good1.0 (1.2.4-1~ubuntu1.1) trusty-security; urgency=medium

  * SECURITY UPDATE: code execution via out-of-bounds write in flx decoder
    - debian/patches/flxdec-bounds1.patch: add bounds checking to
      gst/flx/gstflxdec.c.
    - debian/patches/flxdec-bounds2.patch: fix compiler warnings in
      gst/flx/gstflxdec.c.
    - No CVE number

 -- Marc Deslauriers <email address hidden> Tue, 22 Nov 2016 08:48:11 -0500




About   -   Send Feedback to @ubuntu_updates