Commit Graph

19 Commits

Author SHA1 Message Date
Bjørn Forsman
392331ad58 pythonPackages.gst-python: fix source hash
Commit 5e937b173d
("gstreamer: 1.10.3 -> 1.10.4 for multiple CVEs") bumped the version but not
the hash.
2017-02-26 21:28:41 +01:00
Franz Pletz
5e937b173d
gstreamer: 1.10.3 -> 1.10.4 for multiple CVEs
See https://gstreamer.freedesktop.org/releases/1.10/#1.10.4.

Fixes:

  * CVE-2017-5847
  * CVE-2017-5848

cc #23072
2017-02-26 18:08:42 +01:00
Vladimír Čunát
333e36eca0
pythonPackages.gst-python: fix hash after afd59811a1
/cc #22549.
2017-02-09 09:40:36 +01:00
Graham Christensen
afd59811a1
gstreamer-*: 1.10.2 -> 1.10.3 for multiple CVEs
gst-plugins-bad:
From the Arch Linux advisory:
 - CVE-2017-5843 (arbitrary code execution): A double-free issue has
 been found in gstreamer before 1.10.3, in
 gst_mxf_demux_update_essence_tracks.

- CVE-2017-5848 (denial of service): An out-of-bounds read has been
  found in gstreamer before 1.10.3, in gst_ps_demux_parse_psm.
More: https://lwn.net/Vulnerabilities/713772/

gst-plugins-base:
From the Arch Linux advisory:

- CVE-2017-5837 (denial of service): A floating point exception issue
  has been found in gstreamer before 1.10.3, in
  gst_riff_create_audio_caps.

- CVE-2017-5839 (denial of service): An endless recursion issue
  leading to stack overflow has been found in gstreamer before 1.10.3,
  in gst_riff_create_audio_caps.

- CVE-2017-5842 (arbitrary code execution): An off-by-one write has
  been found in gstreamer before 1.10.3, in
  html_context_handle_element.

- CVE-2017-5844 (denial of service): A floating point exception issue
  has been found in gstreamer before 1.10.3, in
  gst_riff_create_audio_caps.
More: https://lwn.net/Vulnerabilities/713773/

gst-plugins-good:
From the Arch Linux advisory:

- CVE-2016-10198 (denial of service): An invalid memory read flaw has
  been found in gstreamer before 1.10.3, in
  gst_aac_parse_sink_setcaps.

- CVE-2016-10199 (denial of service): An out of bounds read has been
  found in gstreamer before 1.10.3, in qtdemux_tag_add_str_full.

- CVE-2017-5840 (denial of service): An out-of-bounds read has been
  found in gstreamer before 1.10.3, in qtdemux_parse_samples.

- CVE-2017-5841 (denial of service): An out-of-bounds read has been
  found in gstreamer before 1.10.3, in gst_avi_demux_parse_ncdt.

- CVE-2017-5845 (denial of service): An out-of-bounds read has been
  found in gstreamer before 1.10.3, in gst_avi_demux_parse_ncdt.
More: https://lwn.net/Vulnerabilities/713774/

gst-plugins-ugly:
From the Arch Linux advisory:

- CVE-2017-5846 (denial of service): An out-of-bounds read has been
  found in gstreamer before 1.10.3, in
  gst_asf_demux_process_ext_stream_props.

- CVE-2017-5847 (denial of service): An out-of-bounds read has been
  found in gstreamer before 1.10.3, in
  gst_asf_demux_process_ext_content_desc.
More: https://lwn.net/Vulnerabilities/713775/

gstreamer:
From the Arch Linux advisory:

An out of bounds read has been found in gstreamer before 1.10.3, in
gst_date_time_new_from_iso8601_string.
More: https://lwn.net/Vulnerabilities/713776/
2017-02-08 08:30:23 -05:00
Graham Christensen
e42f6a11ac
gstreamer: 1.10.1 -> 1.10.2 for multiple CVEs
CVE-2016-9807, CVE-2016-9808, CVE-2016-9809, CVE-2016-9810, CVE-2016-9811, CVE-2016-9812, CVE-2016-9813, CVE-2016-9634, CVE-2016-9635, CVE-2016-9636

https://gstreamer.freedesktop.org/releases/1.10/#1.10.2
2016-12-07 09:10:29 -05:00
Franz Pletz
7a6185d9a1
gstreamer: 1.8.2 -> 1.10.1
Fixes CVE-2016-9445, CVE-2016-9446, CVE-2016-9447.
2016-11-22 15:16:48 +01:00
Frederik Rietdijk
1c74085ccf gstreamer python: do not use top-level python packages 2016-09-25 23:13:17 +02:00
Tuomas Tynkkynen
a17216af4c treewide: Shuffle outputs
Make either 'bin' or 'out' the first output.
2016-08-29 14:49:51 +03:00
Bjørn Forsman
7a096fad7f gst-python: 1.8.1 -> 1.8.2
Aligns version numbers with the rest of GStreamer in nixpkgs.
2016-07-25 00:07:52 +02:00
Bjørn Forsman
d248aef1cf gstreamer: 1.8.0 -> 1.8.1 (bugfixes)
Release notes:
https://gstreamer.freedesktop.org/releases/gstreamer/1.8.1.html

Tested with nox-review; this change does not introduce build breakage.
2016-05-30 21:51:29 +02:00
Thomas Tuegel
6a64edfa0e gstreamer-1.0: multiple outputs 2016-04-25 19:04:24 -05:00
Franz Pletz
5c4e00b6b7 gst_all_1: 1.6.1 -> 1.8.0 (#14628) 2016-04-24 19:40:20 +02:00
宋文武
38812685ed gst-python -> pythonPackages.gst-python 2015-09-18 20:38:18 +08:00
Vladimír Čunát
12e29daed7 gst-1 video-related bumps (released yesterday)
pitivi looks fine, CC @iyzsong.
2014-10-23 10:51:54 +02:00
Vladimír Čunát
3f6d1d08f2 gst_1 python: bugfix update 2014-08-12 22:18:25 +02:00
Mateusz Kowalczyk
7a45996233 Turn some license strings into lib.licenses values 2014-07-28 11:31:14 +02:00
宋文武
36af50f69a gst-python: make it works 2014-03-22 23:09:39 +08:00
宋文武
d847b5851f gst-python: update to 1.2.0 2014-03-17 22:09:51 +08:00
Michael Raskin
8f897d2d39 Update/fix farstream: Gajim now at least builds 2014-02-02 19:21:07 +04:00