From patchwork Thu Feb 23 18:55:25 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gustavo Zacarias X-Patchwork-Id: 731684 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3vTk555xTYz9s74 for ; Fri, 24 Feb 2017 05:57:45 +1100 (AEDT) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=zacarias.com.ar header.i=@zacarias.com.ar header.b="R35NczqC"; dkim-atps=neutral Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id 987C494E51; Thu, 23 Feb 2017 18:57:43 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XWpJiYw9ERwl; Thu, 23 Feb 2017 18:57:41 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by hemlock.osuosl.org (Postfix) with ESMTP id 5D28194E94; Thu, 23 Feb 2017 18:57:41 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by ash.osuosl.org (Postfix) with ESMTP id 8272F1BFF0F for ; Thu, 23 Feb 2017 18:57:40 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 813DA8B2D3 for ; Thu, 23 Feb 2017 18:57:40 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6b7RxrvDgSrK for ; Thu, 23 Feb 2017 18:57:39 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from www.zacarias.com.ar (www.zacarias.com.ar [176.9.42.171]) by whitealder.osuosl.org (Postfix) with ESMTPS id C27FE8B274 for ; Thu, 23 Feb 2017 18:57:39 +0000 (UTC) Received: from asgard (cpe-190-55-196-87.telecentro-reversos.com.ar [190.55.196.87] (may be forged)) (authenticated bits=0) by www.zacarias.com.ar (8.15.2/8.15.2) with ESMTPSA id v1NIvXeC030613 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Thu, 23 Feb 2017 18:57:35 GMT DMARC-Filter: OpenDMARC Filter v1.3.1 www.zacarias.com.ar v1NIvXeC030613 Authentication-Results: zacarias.com.ar; dmarc=fail header.from=zacarias.com.ar Authentication-Results: zacarias.com.ar; spf=pass smtp.mailfrom=gustavo@zacarias.com.ar DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=zacarias.com.ar; s=dkey; t=1487876257; bh=NXsjZDjdD+hlKuVzSZ6oW/GxKGonEtp7VqUa0H+QlbE=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=R35NczqCfsPsoK+0VuCAhLueVEMlVtPizfifTwZhFflYNffHk6IVZhOcUHfjgoqE5 8qXqqUPpv1iVT1BOoL0EjV2UP3536/Dn5YEk1BSD1htCiPkRvS3/++r4LtiECuasfk +ZBJt6W2GxG1SqUS1JprnpoqC8hsytM7WRnac70E= Received: by asgard (sSMTP sendmail emulation); Thu, 23 Feb 2017 15:57:32 -0300 From: Gustavo Zacarias To: buildroot@busybox.net Date: Thu, 23 Feb 2017 15:55:25 -0300 Message-Id: <20170223185529.14129-6-gustavo@zacarias.com.ar> X-Mailer: git-send-email 2.10.2 In-Reply-To: <20170223185529.14129-1-gustavo@zacarias.com.ar> References: <20170223185529.14129-1-gustavo@zacarias.com.ar> X-Virus-Scanned: clamav-milter 0.99 at www X-Virus-Status: Clean Subject: [Buildroot] [PATCH master 5/9] gst1-plugins-ugly: security bump to version 1.10.4 X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" Fixes: CVE-2017-5847 - The gst_asf_demux_process_ext_content_desc function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving extended content descriptors. Signed-off-by: Gustavo Zacarias --- package/gstreamer1/gst1-plugins-ugly/gst1-plugins-ugly.hash | 4 ++-- package/gstreamer1/gst1-plugins-ugly/gst1-plugins-ugly.mk | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/package/gstreamer1/gst1-plugins-ugly/gst1-plugins-ugly.hash b/package/gstreamer1/gst1-plugins-ugly/gst1-plugins-ugly.hash index 6b4f0c7..9567d9c 100644 --- a/package/gstreamer1/gst1-plugins-ugly/gst1-plugins-ugly.hash +++ b/package/gstreamer1/gst1-plugins-ugly/gst1-plugins-ugly.hash @@ -1,2 +1,2 @@ -# From http://gstreamer.freedesktop.org/src/gst-plugins-ugly/gst-plugins-ugly-1.10.3.tar.xz.sha256sum -sha256 c91597d03abff9df435ad4892eae44df1ee14159c7cc7317ac9d2766ff446bd2 gst-plugins-ugly-1.10.3.tar.xz +# From http://gstreamer.freedesktop.org/src/gst-plugins-ugly/gst-plugins-ugly-1.10.4.tar.xz.sha256sum +sha256 6386c77ca8459cba431ed0b63da780c7062c7cc48055d222024d8eaf198ffa59 gst-plugins-ugly-1.10.4.tar.xz diff --git a/package/gstreamer1/gst1-plugins-ugly/gst1-plugins-ugly.mk b/package/gstreamer1/gst1-plugins-ugly/gst1-plugins-ugly.mk index 2f68145..d503555 100644 --- a/package/gstreamer1/gst1-plugins-ugly/gst1-plugins-ugly.mk +++ b/package/gstreamer1/gst1-plugins-ugly/gst1-plugins-ugly.mk @@ -4,7 +4,7 @@ # ################################################################################ -GST1_PLUGINS_UGLY_VERSION = 1.10.3 +GST1_PLUGINS_UGLY_VERSION = 1.10.4 GST1_PLUGINS_UGLY_SOURCE = gst-plugins-ugly-$(GST1_PLUGINS_UGLY_VERSION).tar.xz GST1_PLUGINS_UGLY_SITE = https://gstreamer.freedesktop.org/src/gst-plugins-ugly GST1_PLUGINS_UGLY_LICENSE_FILES = COPYING