Source: gst-plugins-bad0.10 Version: 0.10.23-7.1 Severity: grave Tags: security upstream patch Justification: user security hole Control: fixed -1 0.10.23-7.1+deb7u2
Hi This is as well for keeping track of this issue in the BTS. In DSA-3225-1 a buffer overflow in the plugin for mp4 playback was fixed. For jessie and above the impact is less grave as no browser attack vector is present. But could you fix this issue as well through a jessie-pu? https://security-tracker.debian.org/tracker/CVE-2015-0797 https://www.debian.org/security/2015/dsa-3225 Keeping the severity to RC (unless you dissagree), since gst-plugins-bad0.10 might be as well a candidate for removal before the stretch release. Patch: https://sources.debian.net/data/main/g/gst-plugins-bad0.10/0.10.23-7.1+deb7u2/debian/patches/buffer-overflow-mp4.patch Regards, Salvatore -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
