[Bug 678774] New: Please do a new gst-ffmpeg-0.10.x release
GStreamer (bugzilla.gnome.org)
bugzilla at gnome.org
Mon Jun 25 02:50:22 PDT 2012
https://bugzilla.gnome.org/show_bug.cgi?id=678774
GStreamer | gst-ffmpeg | 0.10.x
Summary: Please do a new gst-ffmpeg-0.10.x release
Classification: Platform
Product: GStreamer
Version: 0.10.x
OS/Version: Linux
Status: UNCONFIRMED
Severity: critical
Priority: Normal
Component: gst-ffmpeg
AssignedTo: gstreamer-bugs at lists.freedesktop.org
ReportedBy: jwrdegoede at fedoraproject.org
QAContact: gstreamer-bugs at lists.freedesktop.org
GNOME version: ---
Hi,
Since the gst-ffmpeg-0.10.13 release there have been 2 new releases of the
(bundled) libav library: 0.8.2 and 0.8.3, see: http://libav.org/
Both of which fix a long list of security issues. Since the advised way to
build gst-ffmpeg is with the bundled libav I would expect the gstreamer project
to provide updates releases shortly after a new libav release to close any
security issues fixed by new libav releases.
Setting severity to critical since the current gst-ffmpeg 0.10.x release is
vulnerable to a long list of CVE-s because of the old bundled libav:
CVE-2012-0947
CVE-2012-0858
CVE-2012-0853
CVE-2012-0852
CVE-2012-0851
CVE-2012-0850
CVE-2011-4031
CVE-2011-3952
CVE-2011-3951
CVE-2011-3947
CVE-2011-3945
CVE-2011-3940
CVE-2011-3937
CVE-2011-3936
CVE-2011-3929
Regards,
Hans
--
Configure bugmail: https://bugzilla.gnome.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
You are the assignee for the bug.
More information about the gstreamer-bugs
mailing list