Package: gst-plugins-base1.0 / 1.14.4-2+deb10u1
Metadata
Package | Version | Patches format |
---|---|---|
gst-plugins-base1.0 | 1.14.4-2+deb10u1 | 3.0 (quilt) |
Patch series
view the series filePatch | File delta | Description |
---|---|---|
0001 gstrtspconnection Security loophole making heap over.patch | (download) |
gst-libs/gst/rtsp/gstrtspconnection.c |
2 1 + 1 - 0 ! |
[patch] gstrtspconnection: security loophole making heap overflow The former code allowed an attacker to create a heap overflow by sending a longer than allowed session id in a response and including a semicolon to change the maximum length. With this change, the parser will never go beyond 512 bytes. |
0001 tag id3v2 fix frame size check and potential invalid reads.patch | (download) |
gst-libs/gst/tag/id3v2frames.c |
2 1 + 1 - 0 ! |
[patch] tag: id3v2: fix frame size check and potential invalid reads Check the right variable when checking if there's enough data left to read the frame size. Closes https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/issues/876 Part-of: <https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/merge_requests/1065> |
1