Package: gst-plugins-base1.0

Package: gst-plugins-base1.0 / 1.10.4-1+deb9u1

Metadata

Package	Version	Patches format
gst-plugins-base1.0	1.10.4-1+deb9u1	3.0 (quilt)

Patch series

view the series file

Patch	File delta	Description
CVE 2019 9928.patch \| (download)	gst-libs/gst/rtsp/gstrtspconnection.c \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	[patch] gstrtspconnection: security loophole making heap overflow The former code allowed an attacker to create a heap overflow by sending a longer than allowed session id in a response and including a semicolon to change the maximum length. With this change, the parser will never go beyond 512 bytes.

Patch

File delta

Description

CVE 2019 9928.patch | (download)

gst-libs/gst/rtsp/gstrtspconnection.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch] gstrtspconnection: security loophole making heap overflow

The former code allowed an attacker to create a heap overflow by
sending a longer than allowed session id in a response and including a
semicolon to change the maximum length. With this change, the parser
will never go beyond 512 bytes.