Package: gst-plugins-base1.0 / 1.14.4-2
Patch seriesview the series file
|0001 gstrtspconnection Security loophole making heap over.patch | (download)||
2 1 + 1 - 0 !
[patch] gstrtspconnection: security loophole making heap overflow The former code allowed an attacker to create a heap overflow by sending a longer than allowed session id in a response and including a semicolon to change the maximum length. With this change, the parser will never go beyond 512 bytes.