Request to help track down certain security patches and help understand the how-to for importing them to older Gst versions
Unnikrishnan Sreekumar
unnikrishnankgs at gmail.com
Thu Apr 14 18:57:41 UTC 2022
Hi List
I am looking for help with certain security vulnerabilities in GStreamer
and these are my questions:
Questions:
1) Can GStreamer support importing the fixes for CVEs in (3) and (4) below
- for older releases?
If so, how?
2) Could you share details (like commit hashes) about these patches, and
any instructions/tips on how to cherry-pick patches to older GStreamer
releases - for (3) and (4)?
3) Will the security fixes <https://gstreamer.freedesktop.org/security/>
that went in for mkv parser vulnerabilities in Gst 1.18.4 be cherry-picked
to earlier releases like Gst 1.16.2 ?
Specifically for CVEs: CVE-2021-3498
<https://nvd.nist.gov/vuln/detail/CVE-2021-3498> , CVE-2021-3497
<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3497>
4) Will the security fixes <https://gstreamer.freedesktop.org/security/>
that went in for rtsp connection parser vulnerability in Gst 1.16.0 be
cherry-picked to earlier releases like Gst 1.14.5 ?
CVE: CVE-2019-9928 <https://nvd.nist.gov/vuln/detail/CVE-2019-9928>
Unnikrishnan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/gstreamer-devel/attachments/20220414/61768a50/attachment.htm>
More information about the gstreamer-devel
mailing list