Go to file
Graham Christensen afd59811a1
gstreamer-*: 1.10.2 -> 1.10.3 for multiple CVEs
gst-plugins-bad:
From the Arch Linux advisory:
 - CVE-2017-5843 (arbitrary code execution): A double-free issue has
 been found in gstreamer before 1.10.3, in
 gst_mxf_demux_update_essence_tracks.

- CVE-2017-5848 (denial of service): An out-of-bounds read has been
  found in gstreamer before 1.10.3, in gst_ps_demux_parse_psm.
More: https://lwn.net/Vulnerabilities/713772/

gst-plugins-base:
From the Arch Linux advisory:

- CVE-2017-5837 (denial of service): A floating point exception issue
  has been found in gstreamer before 1.10.3, in
  gst_riff_create_audio_caps.

- CVE-2017-5839 (denial of service): An endless recursion issue
  leading to stack overflow has been found in gstreamer before 1.10.3,
  in gst_riff_create_audio_caps.

- CVE-2017-5842 (arbitrary code execution): An off-by-one write has
  been found in gstreamer before 1.10.3, in
  html_context_handle_element.

- CVE-2017-5844 (denial of service): A floating point exception issue
  has been found in gstreamer before 1.10.3, in
  gst_riff_create_audio_caps.
More: https://lwn.net/Vulnerabilities/713773/

gst-plugins-good:
From the Arch Linux advisory:

- CVE-2016-10198 (denial of service): An invalid memory read flaw has
  been found in gstreamer before 1.10.3, in
  gst_aac_parse_sink_setcaps.

- CVE-2016-10199 (denial of service): An out of bounds read has been
  found in gstreamer before 1.10.3, in qtdemux_tag_add_str_full.

- CVE-2017-5840 (denial of service): An out-of-bounds read has been
  found in gstreamer before 1.10.3, in qtdemux_parse_samples.

- CVE-2017-5841 (denial of service): An out-of-bounds read has been
  found in gstreamer before 1.10.3, in gst_avi_demux_parse_ncdt.

- CVE-2017-5845 (denial of service): An out-of-bounds read has been
  found in gstreamer before 1.10.3, in gst_avi_demux_parse_ncdt.
More: https://lwn.net/Vulnerabilities/713774/

gst-plugins-ugly:
From the Arch Linux advisory:

- CVE-2017-5846 (denial of service): An out-of-bounds read has been
  found in gstreamer before 1.10.3, in
  gst_asf_demux_process_ext_stream_props.

- CVE-2017-5847 (denial of service): An out-of-bounds read has been
  found in gstreamer before 1.10.3, in
  gst_asf_demux_process_ext_content_desc.
More: https://lwn.net/Vulnerabilities/713775/

gstreamer:
From the Arch Linux advisory:

An out of bounds read has been found in gstreamer before 1.10.3, in
gst_date_time_new_from_iso8601_string.
More: https://lwn.net/Vulnerabilities/713776/
2017-02-08 08:30:23 -05:00
.github CONTRIBUTING.md: improve commit message guidelines 2017-02-06 22:26:32 +02:00
doc Merge pull request #22387 from Ericson2314/cross-3-platforms 2017-02-05 17:41:31 -05:00
lib ecopcr: init at 0.8.0 2017-02-06 16:01:08 +01:00
maintainers Add a script to get failures for hydra eval /cc @globin 2017-01-28 22:29:15 +01:00
nixos nixos/systemd: set r-x group permissions on /var/log/journal 2017-02-08 16:06:14 +03:00
pkgs gstreamer-*: 1.10.2 -> 1.10.3 for multiple CVEs 2017-02-08 08:30:23 -05:00
.editorconfig Do not trim trailing whitespace in patch files 2017-01-12 23:44:26 +01:00
.gitignore kde5: consolidate packages into desktops/kde-5 2016-03-01 10:36:00 -06:00
.mention-bot include me in mention bot for darwin 2016-12-09 21:19:32 +01:00
.travis.yml travis: also evaluate nixpkgs-unstable 2016-12-15 22:43:14 +01:00
.version unstable is now 17.03 2016-09-02 08:47:21 +02:00
COPYING Time passing by 2017-01-01 21:35:52 +01:00
default.nix Separate fix-point from config importing hacks and other impurities 2016-07-14 14:33:23 -07:00
README.md README: Update to 16.09 2016-10-04 17:45:24 +02:00

logo

Build Status Code Triagers Badge

Nixpkgs is a collection of packages for the Nix package manager. It is periodically built and tested by the hydra build daemon as so-called channels. To get channel information via git, add nixpkgs-channels as a remote:

% git remote add channels git://github.com/NixOS/nixpkgs-channels.git

For stability and maximum binary package support, it is recommended to maintain custom changes on top of one of the channels, e.g. nixos-16.09 for the latest release and nixos-unstable for the latest successful build of master:

% git remote update channels
% git rebase channels/nixos-16.09

For pull-requests, please rebase onto nixpkgs master.

NixOS linux distribution source code is located inside nixos/ folder.

Communication: