[SRU] New stable release 1.8.3

Bug #1619600 reported by Iain Lane on 2016-09-02
16
This bug affects 2 people
Affects Status Importance Assigned to Milestone
gst-libav1.0 (Ubuntu)
Undecided
Unassigned
Xenial
Undecided
Iain Lane
gst-plugins-bad1.0 (Ubuntu)
Undecided
Unassigned
Xenial
Undecided
Iain Lane
gst-plugins-base1.0 (Ubuntu)
Undecided
Unassigned
Xenial
Undecided
Iain Lane
gst-plugins-good1.0 (Ubuntu)
Undecided
Unassigned
Xenial
Undecided
Iain Lane
gst-plugins-ugly1.0 (Ubuntu)
Undecided
Unassigned
Xenial
Undecided
Iain Lane
gstreamer-vaapi (Ubuntu)
Undecided
Unassigned
Xenial
Undecided
Iain Lane
gstreamer1.0 (Ubuntu)
Undecided
Unassigned
Xenial
Undecided
Iain Lane

Bug Description

[ Description ]

We should keep up with GStreamer's bugfix releases in the 1.8 series that 16.04 shipped with.

[ QA and testing ]

Play a range of videos in Totem. Play a range of audio tracks in Rhythmbox. Try to stream audio and/or video. Try to install a missing codec.

In all cases, make sure that everything which worked before still works.

[ Regression potential ]

One of the fixes could be bad. Watch out for it.

CVE References

Iain Lane (laney) on 2016-09-02
Changed in gst-libav1.0 (Ubuntu):
status: New → Fix Released
Changed in gst-plugins-bad1.0 (Ubuntu):
status: New → Fix Released
Changed in gst-plugins-base1.0 (Ubuntu):
status: New → Fix Released
Changed in gst-plugins-good1.0 (Ubuntu):
status: New → Fix Released
Changed in gst-plugins-ugly1.0 (Ubuntu):
status: New → Fix Released
Changed in gstreamer-vaapi (Ubuntu):
status: New → Fix Released
Changed in gstreamer1.0 (Ubuntu):
status: New → Fix Released
Changed in gst-libav1.0 (Ubuntu Xenial):
status: New → In Progress
assignee: nobody → Iain Lane (laney)
Changed in gst-plugins-bad1.0 (Ubuntu Xenial):
assignee: nobody → Iain Lane (laney)
status: New → In Progress
Changed in gst-plugins-base1.0 (Ubuntu Xenial):
assignee: nobody → Iain Lane (laney)
status: New → In Progress
Changed in gst-plugins-good1.0 (Ubuntu Xenial):
assignee: nobody → Iain Lane (laney)
status: New → In Progress
Changed in gst-plugins-ugly1.0 (Ubuntu Xenial):
assignee: nobody → Iain Lane (laney)
status: New → In Progress
Changed in gstreamer-vaapi (Ubuntu Xenial):
assignee: nobody → Iain Lane (laney)
status: New → In Progress
Changed in gstreamer1.0 (Ubuntu Xenial):
assignee: nobody → Iain Lane (laney)
status: New → In Progress
Iain Lane (laney) wrote :
Changed in gst-libav1.0 (Ubuntu Xenial):
status: In Progress → Incomplete
Iain Lane (laney) wrote :

vaapi will follow after -bad is accepted

-bad contains some updates from yakkety which I think Xenial should get too, but let me know if it's a problem

Changed in gstreamer-vaapi (Ubuntu Xenial):
status: In Progress → Incomplete
Iain Lane (laney) wrote :

Never mind that - I cooked up a patch for gst-libav1.0, submitted it upstream & uploaded to xenial-proposed unapproved

Changed in gst-libav1.0 (Ubuntu Xenial):
status: Incomplete → In Progress

Hello Iain, or anyone else affected,

Accepted gstreamer1.0 into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/gstreamer1.0/1.8.3-1~ubuntu0.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in gstreamer1.0 (Ubuntu Xenial):
status: In Progress → Fix Committed
tags: added: verification-needed
Changed in gst-plugins-bad1.0 (Ubuntu Xenial):
status: In Progress → Fix Committed
Changed in gst-plugins-good1.0 (Ubuntu Xenial):
status: In Progress → Fix Committed
Martin Pitt (pitti) wrote :

Hello Iain, or anyone else affected,

Accepted gst-plugins-bad1.0 into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/gst-plugins-bad1.0/1.8.3-1ubuntu0.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Martin Pitt (pitti) wrote :

Hello Iain, or anyone else affected,

Accepted gst-plugins-good1.0 into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/gst-plugins-good1.0/1.8.3-1ubuntu0.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in gst-plugins-base1.0 (Ubuntu Xenial):
status: In Progress → Fix Committed
Martin Pitt (pitti) wrote :

Hello Iain, or anyone else affected,

Accepted gst-plugins-base1.0 into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/gst-plugins-base1.0/1.8.3-1ubuntu0.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in gst-plugins-ugly1.0 (Ubuntu Xenial):
status: In Progress → Fix Committed
Martin Pitt (pitti) wrote :

Hello Iain, or anyone else affected,

Accepted gst-plugins-ugly1.0 into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/gst-plugins-ugly1.0/1.8.3-1ubuntu0.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in gst-libav1.0 (Ubuntu Xenial):
status: In Progress → Fix Committed
Martin Pitt (pitti) wrote :

Hello Iain, or anyone else affected,

Accepted gst-libav1.0 into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/gst-libav1.0/1.8.3-1ubuntu0.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Amr Ibrahim (amribrahim1987) wrote :

Verification anyone?

Jeremy Bicha (jbicha) wrote :

Amir, if you're using Ubuntu 16.04, you can do the verification. Just install the proposed gstreamer1.0 packages and ensure that playing audio and videos files still works, etc.

Tyler Hicks (tyhicks) wrote :

This SRU needs to be updated to incorporate the security update changes made in 1.8.2-1ubuntu0.2 for CVE-2016-9445. Marking this bug as verification-failed.

tags: added: verification-failed
removed: verification-needed
Tyler Hicks (tyhicks) wrote :

Since this SRU is targeted against many source packages, I should clarify that the last comment was specifically about gst-plugins-bad1.0 in xenial-security.

Iain Lane (laney) wrote :

Brilliant.

Iain Lane (laney) wrote :

Ok, reuploaded. And I forgot to do vaapi too, doing that now.

Changed in gstreamer-vaapi (Ubuntu Xenial):
status: Incomplete → In Progress
Robie Basak (racb) wrote :

Hello Iain, or anyone else affected,

Accepted gst-plugins-bad1.0 into yakkety-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/gst-plugins-bad1.0/1.8.3-1ubuntu0.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in gst-plugins-bad1.0 (Ubuntu Yakkety):
status: New → Fix Committed
tags: removed: verification-failed
tags: added: verification-needed
Robie Basak (racb) wrote :

Apologies, that should be for Xenial, not Yakkety.

Robie Basak (racb) wrote :

Hello Iain, or anyone else affected,

Accepted gst-plugins-bad1.0 into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/gst-plugins-bad1.0/1.8.3-1ubuntu0.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in gst-plugins-bad1.0 (Ubuntu Yakkety):
status: Fix Committed → Invalid
Robie Basak (racb) wrote :

Hello Iain, or anyone else affected,

Accepted gst-plugins-bad1.0 into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/gst-plugins-bad1.0/1.8.3-1ubuntu0.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Marc Deslauriers (mdeslaur) wrote :

gst-plugins-good1.0 also needs to be updated to incorporate the security fixes from (1.8.2-1ubuntu0.2). Marking as verification-failed until then.

tags: added: verification-failed
removed: verification-needed

On Wed, Nov 23, 2016 at 03:45:46PM -0000, Marc Deslauriers wrote:
> gst-plugins-good1.0 also needs to be updated to incorporate the security
> fixes from (1.8.2-1ubuntu0.2). Marking as verification-failed until
> then.

I will do that tomorrow, but please note that there are further commits
to flxdec that you might want in -security. They fix a crash, not sure
if it is exploitable.

  https://cgit.freedesktop.org/gstreamer/gst-plugins-good/log/?h=1.8

AFL-testing all the remaining elements would be a good exercise,
although I bet someone is doing that now.

--
Iain Lane [ <email address hidden> ]
Debian Developer [ <email address hidden> ]
Ubuntu Developer [ <email address hidden> ]

Iain Lane (laney) wrote :

Reuploaded -good

Hello Iain, or anyone else affected,

Accepted gstreamer-vaapi into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/gstreamer-vaapi/1.8.3-1~ubuntu0.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in gstreamer-vaapi (Ubuntu Xenial):
status: In Progress → Fix Committed
tags: removed: verification-failed
tags: added: verification-needed
Timo Aaltonen (tjaalton) wrote :

Hello Iain, or anyone else affected,

Accepted gst-plugins-good1.0 into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/gst-plugins-good1.0/1.8.3-1ubuntu0.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Marc Deslauriers (mdeslaur) wrote :

gst-plugins-good1.0 needs to be updated to incorporate the security fixes from (1.8.2-1ubuntu0.3). Marking as verification-failed until then.

tags: added: verification-failed
removed: verification-needed

On Wed, Nov 30, 2016 at 06:49:59PM -0000, Marc Deslauriers wrote:
> gst-plugins-good1.0 needs to be updated to incorporate the security
> fixes from (1.8.2-1ubuntu0.3). Marking as verification-failed until
> then.

This is really awesome.

--
Iain Lane [ <email address hidden> ]
Debian Developer [ <email address hidden> ]
Ubuntu Developer [ <email address hidden> ]

Marc Deslauriers (mdeslaur) wrote :

There are more security updates coming out soon, so I suggest waiting for now.

Iain Lane (laney) wrote :

On Thu, Dec 01, 2016 at 12:04:41PM -0000, Marc Deslauriers wrote:
> There are more security updates coming out soon, so I suggest waiting
> for now.

You don't have to, but if you use the ubuntu-xenial-security branches in
the listed VCS then it'll be easy to merge the SRU back in. (git
checkout ubuntu; git merge ubuntu-xenial-security; update changelog;
gbp buildpackage -S -v...; upload)

--
Iain Lane [ <email address hidden> ]
Debian Developer [ <email address hidden> ]
Ubuntu Developer [ <email address hidden> ]

no longer affects: gst-plugins-bad1.0 (Ubuntu Yakkety)
Iain Lane (laney) wrote :

I uploaded -good again.

Hello Iain, or anyone else affected,

Accepted gst-plugins-good1.0 into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/gst-plugins-good1.0/1.8.3-1ubuntu0.3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

tags: removed: verification-failed
tags: added: verification-needed
Iain Lane (laney) wrote :

Let's get this in. I gave it a bit of a workout and it seems okay to me.

tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gst-libav1.0 - 1.8.3-1ubuntu0.1

---------------
gst-libav1.0 (1.8.3-1ubuntu0.1) xenial; urgency=medium

  * Backport from yakkety to 16.04 (LP: #1619600)
  * debian/patches/0001-Only-use-AV_CODEC_ID_WRAPPED_AVFRAME-on-new-enough-l.patch:
    Take patch from upstream bug #770753 to fix the build with xenial's
    ffmpeg.

 -- Iain Lane <email address hidden> Fri, 02 Sep 2016 14:30:43 +0100

Changed in gst-libav1.0 (Ubuntu Xenial):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for gst-libav1.0 has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gst-plugins-ugly1.0 - 1.8.3-1ubuntu0.1

---------------
gst-plugins-ugly1.0 (1.8.3-1ubuntu0.1) xenial; urgency=medium

  * No-change backport from yakkety to 16.04 (LP: #1619600)

gst-plugins-ugly1.0 (1.8.3-1ubuntu1) yakkety; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    + Split AMR out into a gstreamer1.0-plugins-ugly-amr package.
    + Run dh_install with --fail-missing to error out if files aren't
      installed.
    + debian/control{,.in}: Update Vcs-* for Ubuntu

gst-plugins-ugly1.0 (1.8.3-1) unstable; urgency=medium

  * New upstream bugfix release.

 -- Iain Lane <email address hidden> Fri, 02 Sep 2016 13:09:59 +0100

Changed in gst-plugins-ugly1.0 (Ubuntu Xenial):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gst-plugins-base1.0 - 1.8.3-1ubuntu0.1

---------------
gst-plugins-base1.0 (1.8.3-1ubuntu0.1) xenial; urgency=medium

  * No-change backport from yakkety to 16.04 (LP: #1619600)

gst-plugins-base1.0 (1.8.3-1ubuntu1) yakkety; urgency=medium

  * Merge from Debian unstable. Remaining changes:
    + 0001-riff-Add-input-buffer-size-to-GstCaps.patch: Take patch from
      Alfonso Sanchez-Beato on upstream bug #737599 to add a field in the
      GstCaps containing the suggested buffer size for this stream.
    + Update Vcs-* for Ubuntu

gst-plugins-base1.0 (1.8.3-1) unstable; urgency=medium

  * New upstream bugfix release.

 -- Iain Lane <email address hidden> Fri, 02 Sep 2016 13:09:13 +0100

Changed in gst-plugins-base1.0 (Ubuntu Xenial):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gst-plugins-bad1.0 - 1.8.3-1ubuntu0.2

---------------
gst-plugins-bad1.0 (1.8.3-1ubuntu0.2) xenial; urgency=medium

  * Rebase on top of security update.

gst-plugins-bad1.0 (1.8.3-1ubuntu0.1) xenial; urgency=medium

  * Backport from yakkety to 16.04 (LP: #1619600)
  * debian/build-deps.in: Revert change to OpenJPEG 2.1.

gst-plugins-bad1.0 (1.8.3-1ubuntu1) yakkety; urgency=medium

  * Merge with Debian unstable; remaining changes:
    + Stop installing camerabin2 basecamerabin jpegformat - plugins which have
    moved to -good.
    + Provide gstreamer-plugins-bad-1.0.pc with Requires on
      gstreamer-plugins-good-1.0 - the package we've moved the referenced
      library to. This maintains compatibility with upstream software and
      other distributions.
    + debian/patches/adding-mirsink-and-android-media-over-hybris-support.patch:
      - Adding mirsink and Android media over hybris support, for hardware
        accelerated decode using libstagefright and the hybris compat layer.
    + debian/control.in:
      - Making the hybris plugin as part of a separated package, and i386 and
        armhf only (can only work with android compatible archs)
    + debian/build-deps.in:
      - Adding mirsink/android decoder specific build dependencies for i386 and
        armhf (libplatform-api1-dev and libmedia-dev)
    + Split videoparsers and faad out into their own packages.
    + Disable gl and glx on armhf as it's not useful there.
    + debian/control{,.in}: Update Vcs-* for Ubuntu
    + debian/watch: Update Vcs-* for new URL scheme

gst-plugins-bad1.0 (1.8.3-1) unstable; urgency=medium

  * New upstream bugfix release.

gst-plugins-bad1.0 (1.8.2-1ubuntu4) yakkety; urgency=medium

  [ Alfonso Sanchez-Beato (email Canonical) ]
  * amchybris: add buffer format for midori

gst-plugins-bad1.0 (1.8.2-1ubuntu3) yakkety; urgency=medium

  * No-change rebuild against latest libwebp

gst-plugins-bad1.0 (1.8.2-1ubuntu2) yakkety; urgency=medium

  * Rebuild against libopencv-highgui2.4-deb0.

gst-plugins-bad1.0 (1.8.2-1ubuntu0.2) xenial-security; urgency=medium

  * SECURITY UPDATE: code execution via integer overflow in vmncdec
    - debian/patches/vmncdec_overflow.patch: sanity-check width/height
      before using it in gst/vmnc/vmncdec.c.
    - No CVE number

 -- Iain Lane <email address hidden> Tue, 22 Nov 2016 09:26:18 +0000

Changed in gst-plugins-bad1.0 (Ubuntu Xenial):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gstreamer1.0 - 1.8.3-1~ubuntu0.1

---------------
gstreamer1.0 (1.8.3-1~ubuntu0.1) xenial; urgency=medium

  * No-change backport from yakkety to 16.04 (LP: #1619600)

gstreamer1.0 (1.8.3-1) unstable; urgency=medium

  * New upstream bugfix release.

 -- Iain Lane <email address hidden> Fri, 02 Sep 2016 14:13:26 +0100

Changed in gstreamer1.0 (Ubuntu Xenial):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gstreamer-vaapi - 1.8.3-1~ubuntu0.1

---------------
gstreamer-vaapi (1.8.3-1~ubuntu0.1) xenial; urgency=medium

  * No-change backport to xenial (LP: #1619600)

gstreamer-vaapi (1.8.3-1) unstable; urgency=medium

  * New upstream release.

 -- Iain Lane <email address hidden> Tue, 22 Nov 2016 09:40:36 +0000

Changed in gstreamer-vaapi (Ubuntu Xenial):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gst-plugins-good1.0 - 1.8.3-1ubuntu0.3

---------------
gst-plugins-good1.0 (1.8.3-1ubuntu0.3) xenial; urgency=medium

  * Rebase on top of security update again.

gst-plugins-good1.0 (1.8.3-1ubuntu0.2) xenial; urgency=medium

  * Rebase on top of security update.

gst-plugins-good1.0 (1.8.3-1ubuntu0.1) xenial; urgency=medium

  * No-change backport from yakkety to 16.04 (LP: #1619600)

gst-plugins-good1.0 (1.8.3-1ubuntu1) yakkety; urgency=medium

  * Merge with Debian unstable; remaining changes:
    + Import plugins from -bad that are needed for main applications.
      - jpegformat
      - camerabin2 (+ basecamerabinsrc + photography)
    + Break and Replace -bad versions which contained these plugins.
    + Add a library package containing the shared library and a -dev package for
      compiling against it. Add Breaks and Replaces against the plugins packages
      which formerly contained files shipped here.
    + Add 'pluginsdir' variable to our added pcfile for compatibility with
      some external software
    + debian/control{,.in}: Update Vcs-* for Ubuntu

gst-plugins-good1.0 (1.8.3-1) unstable; urgency=medium

  * New upstream bugfix release.

gst-plugins-good1.0 (1.8.2-1ubuntu0.3) xenial-security; urgency=medium

  * SECURITY UPDATE: incomplete fix for flx decoder
    - debian/patches/flxdec-bounds3.patch: don't unref() parent in the
      chain function in gst/flx/gstflxdec.c.
    - debian/patches/flxdec-bounds4.patch: rewrite logic based on
      GstByteReader/Writer in gst/flx/flx_color.c, gst/flx/flx_fmt.h,
      gst/flx/gstflxdec.c, gst/flx/gstflxdec.h.
    - No CVE number

gst-plugins-good1.0 (1.8.2-1ubuntu0.2) xenial-security; urgency=medium

  * SECURITY UPDATE: code execution via out-of-bounds write in flx decoder
    - debian/patches/flxdec-bounds1.patch: add bounds checking to
      gst/flx/gstflxdec.c.
    - debian/patches/flxdec-bounds2.patch: fix compiler warnings in
      gst/flx/gstflxdec.c.
    - No CVE number

 -- Iain Lane <email address hidden> Fri, 13 Jan 2017 12:56:06 +0000

Changed in gst-plugins-good1.0 (Ubuntu Xenial):
status: Fix Committed → Fix Released
Doug McMahon (mc3man) wrote :

Well gstreamer1.0-libav_1.8.3-1ubuntu0.1 breaks wma playback, at least with tested wmal file.
Test file: http://samples.mplayerhq.hu/A-codecs/lossless/luckynight.wma

Want a new bug??

tags: added: gst-libav verification-failed
removed: verification-done
Doug McMahon (mc3man) wrote :

New bug, this only affects 16.04 as 17.04 has newer ffmpeg libs
Bug 1661842

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.