flxdec security update tracking bug

Bug #1643901 reported by Marc Deslauriers on 2016-11-22
This bug affects 2 people
Affects                          Importance   Assigned to
gst-plugins-good0.10 (Ubuntu)
  Precise                        Medium       Marc Deslauriers
  Trusty                         Medium       Marc Deslauriers
  Xenial                         Medium       Marc Deslauriers
gst-plugins-good1.0 (Ubuntu)     Medium       Unassigned
  Trusty                         Medium       Marc Deslauriers
  Xenial                         Medium       Marc Deslauriers
  Yakkety                        Medium       Marc Deslauriers
  Zesty                          Medium       Unassigned

Bug Description

This bug is to track the security update to fix the flxdec out-of-bounds write.

Changed in gst-plugins-good1.0 (Ubuntu Precise):
status: New → Invalid
Changed in gst-plugins-good0.10 (Ubuntu Yakkety):
status: New → Invalid
Changed in gst-plugins-good0.10 (Ubuntu Zesty):
status: New → Invalid
Changed in gst-plugins-good0.10 (Ubuntu Precise):
assignee: nobody → Marc Deslauriers (mdeslaur)
importance: Undecided → Medium
status: New → In Progress
Changed in gst-plugins-good0.10 (Ubuntu Trusty):
assignee: nobody → Marc Deslauriers (mdeslaur)
importance: Undecided → Medium
status: New → In Progress
Changed in gst-plugins-good0.10 (Ubuntu Xenial):
assignee: nobody → Marc Deslauriers (mdeslaur)
importance: Undecided → Medium
status: New → In Progress
Changed in gst-plugins-good1.0 (Ubuntu Trusty):
assignee: nobody → Marc Deslauriers (mdeslaur)
importance: Undecided → Medium
status: New → In Progress
Changed in gst-plugins-good1.0 (Ubuntu Xenial):
assignee: nobody → Marc Deslauriers (mdeslaur)
importance: Undecided → Medium
status: New → In Progress
Changed in gst-plugins-good1.0 (Ubuntu Yakkety):
assignee: nobody → Marc Deslauriers (mdeslaur)
importance: Undecided → Medium
status: New → In Progress
Changed in gst-plugins-good1.0 (Ubuntu Zesty):
status: New → Confirmed
Simon Déziel (sdeziel) wrote :

Marc, I'm assuming this is related to this https://scarybeastsecurity.blogspot.ca/2016/11/0day-exploit-advancing-exploitation.html, right?

Like the author, I question the upstream decision to include FLIC support in the "good" set. Would it be possible to move that plugin to the "bad" or the "ugly" set since it's presumably a very rarely used format?

Marc Deslauriers (mdeslaur) wrote :

I don't plan on moving the plugin at this time as that is too intrusive for a minimal security update.

Changed in gst-plugins-good0.10 (Ubuntu Precise):
status: In Progress → Fix Released
Changed in gst-plugins-good0.10 (Ubuntu Trusty):
status: In Progress → Fix Released
Changed in gst-plugins-good0.10 (Ubuntu Xenial):
status: In Progress → Fix Released
Changed in gst-plugins-good1.0 (Ubuntu Trusty):
status: In Progress → Fix Released
Changed in gst-plugins-good1.0 (Ubuntu Xenial):
status: In Progress → Fix Released
Changed in gst-plugins-good1.0 (Ubuntu Yakkety):
status: In Progress → Fix Released
no longer affects: gst-plugins-good0.10 (Ubuntu Yakkety)
no longer affects: gst-plugins-good0.10 (Ubuntu Zesty)
Changed in gst-plugins-good0.10 (Ubuntu):
importance: Undecided → Medium
status: Invalid → Fix Released
no longer affects: gst-plugins-good1.0 (Ubuntu Precise)
no longer affects: gst-plugins-good0.10 (Ubuntu)
Changed in gst-plugins-good1.0 (Ubuntu Zesty):
importance: Undecided → Medium
Changed in gst-plugins-good1.0 (Ubuntu):
status: Confirmed → Fix Released
This report contains Public Security information
Everyone can see this security related information.