Hi Joey Am 08.12.2016 um 03:01 schrieb Joey Hess: > Package: gnome-video-effects > Version: 0.4.1-3 > Severity: normal > > gstreamer-plugins-bad has been in the news at least twice recently for > security holes. > > http://scarybeastsecurity.blogspot.com/2016/11/0day-exploit-compromising-linux-desktop.html > https://scarybeastsecurity.blogspot.dk/2016/11/0day-poc-risky-design-decisions-in.html > > It seems likely that it will continue to be a source of such security > holes.
This doesn't immediately address your concern, but I just uploaded tracker including this change: "tracker-extract: Sandbox extractor threads. Filesystem and network access are limited to being read and local only." > I wanted to remove gstreamer-plugins-bad from my system, but this would > remove gnome-video-effects, which would remove cheese. I don't know why > cheese needs a ton of insecurely implemented codecs for playing Nintendo > games etc in order to take snapshots and record videos. Probably it doesn't? gnome-video-effects is just one of many others depending on gstreamer-plugins-bad, and I guess we have to check each and every one of them. Laurent, this dependency was originally added by you. Do you remember the details and why this needs to be a hard dependency? The only real dependency of gnome-video-effects is cheese, would some of the cheese features not work if gstreamer-plugins-bad was not installed? Michael [1] https://anonscm.debian.org/cgit/collab-maint/tracker.git/commit/?id=0ac99d4d549e35d87f23534d52bcba6d23893ffa -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?
signature.asc
Description: OpenPGP digital signature