Hello, On Wed, 06 Jan 2016, »Q« wrote: >On Tue, 5 Jan 2016 08:26:42 -0800 >Grant <emailgr...@gmail.com> wrote: > >> > AFAICT, details of the gstreamer bug itself haven't been made public >> > yet, and nobody is sure whether the unmaintained 0.10 branch needs a >> > patch. See <https://bugs.gentoo.org/show_bug.cgi?id=553742#c11> and >> > the following comment. >> >> So everyone is just living with the supposed security vulnerability on >> their system? > >Not everyone. SUSE and Debian seem to have patches for this for 0.10. > ><https://www.suse.com/security/cve/CVE-2015-0797.html> > ><https://www.debian.org/security/2015/dsa-3225>
https://build.opensuse.org/package/view_file/multimedia:libs/gstreamer-0_10-plugins-bad/gstreamer-0_10-plugins-bad-mp4-overflow.patch?expand=1 I've not found other patches for 0.10 there[1]. gstreamer-1.x is at 1.61 there, so no patch. HTH, -dnh [1] https://build.opensuse.org/project/show/multimedia:libs and filter for gstr -- Funny thing is, I once left ASR for about a year, and the thread entitled "sex and the single sysadmin" was _still_ going strong when I returned. It was like I never left. Warm fuzzies. -- AJR
