nixpkgs/pkgs/development
Graham Christensen afd59811a1
gstreamer-*: 1.10.2 -> 1.10.3 for multiple CVEs
gst-plugins-bad:
From the Arch Linux advisory:
 - CVE-2017-5843 (arbitrary code execution): A double-free issue has
 been found in gstreamer before 1.10.3, in
 gst_mxf_demux_update_essence_tracks.

- CVE-2017-5848 (denial of service): An out-of-bounds read has been
  found in gstreamer before 1.10.3, in gst_ps_demux_parse_psm.
More: https://lwn.net/Vulnerabilities/713772/

gst-plugins-base:
From the Arch Linux advisory:

- CVE-2017-5837 (denial of service): A floating point exception issue
  has been found in gstreamer before 1.10.3, in
  gst_riff_create_audio_caps.

- CVE-2017-5839 (denial of service): An endless recursion issue
  leading to stack overflow has been found in gstreamer before 1.10.3,
  in gst_riff_create_audio_caps.

- CVE-2017-5842 (arbitrary code execution): An off-by-one write has
  been found in gstreamer before 1.10.3, in
  html_context_handle_element.

- CVE-2017-5844 (denial of service): A floating point exception issue
  has been found in gstreamer before 1.10.3, in
  gst_riff_create_audio_caps.
More: https://lwn.net/Vulnerabilities/713773/

gst-plugins-good:
From the Arch Linux advisory:

- CVE-2016-10198 (denial of service): An invalid memory read flaw has
  been found in gstreamer before 1.10.3, in
  gst_aac_parse_sink_setcaps.

- CVE-2016-10199 (denial of service): An out of bounds read has been
  found in gstreamer before 1.10.3, in qtdemux_tag_add_str_full.

- CVE-2017-5840 (denial of service): An out-of-bounds read has been
  found in gstreamer before 1.10.3, in qtdemux_parse_samples.

- CVE-2017-5841 (denial of service): An out-of-bounds read has been
  found in gstreamer before 1.10.3, in gst_avi_demux_parse_ncdt.

- CVE-2017-5845 (denial of service): An out-of-bounds read has been
  found in gstreamer before 1.10.3, in gst_avi_demux_parse_ncdt.
More: https://lwn.net/Vulnerabilities/713774/

gst-plugins-ugly:
From the Arch Linux advisory:

- CVE-2017-5846 (denial of service): An out-of-bounds read has been
  found in gstreamer before 1.10.3, in
  gst_asf_demux_process_ext_stream_props.

- CVE-2017-5847 (denial of service): An out-of-bounds read has been
  found in gstreamer before 1.10.3, in
  gst_asf_demux_process_ext_content_desc.
More: https://lwn.net/Vulnerabilities/713775/

gstreamer:
From the Arch Linux advisory:

An out of bounds read has been found in gstreamer before 1.10.3, in
gst_date_time_new_from_iso8601_string.
More: https://lwn.net/Vulnerabilities/713776/
2017-02-08 08:30:23 -05:00
..
arduino teensyduino: init at 1.31 (#20807) 2016-12-02 11:31:01 +01:00
beam-modules hexRegistrySnapshot: d58a937 -> e5e494a 2016-11-30 12:16:21 +01:00
bower-modules/generic
compilers Merge pull request #22468 from taktoa/souper 2017-02-08 09:20:43 +01:00
coq-modules coqPackages.math-classes: init at 2016-06-08 2017-01-27 11:16:30 +00:00
dotnet-modules/patches
eclipse/ecj
em-modules/generic
go-modules buildGoPackage: reduce the default meta.platforms 2016-12-14 10:26:20 +01:00
guile-modules
haskell-modules haskell: distribute servant-{elm,docs,auth,auth-server} and logging-effect 2017-02-08 06:11:04 +01:00
idris-modules idrisPackages.httpclient: init 2016-12-20 00:28:23 +01:00
interpreters Merge branch 'staging' 2017-02-04 21:02:46 +01:00
libraries gstreamer-*: 1.10.2 -> 1.10.3 for multiple CVEs 2017-02-08 08:30:23 -05:00
lisp-modules lispPackages.clx: git-20150117 -> git-20170201 2017-02-05 13:03:03 +01:00
lua-modules
misc loc: 0.3.3 -> 0.3.4 2016-12-08 09:59:47 -05:00
mobile xcodeenv, titaniumenv: fix IPA builds by granting codesign the right permissions 2017-01-27 10:50:36 +01:00
node-packages nodePackages: Add tern (#22418) 2017-02-04 22:18:28 +01:00
ocaml-modules virt-top: init at 1.0.8 (#21536) 2017-02-04 16:07:45 +01:00
perl-modules perl-Compress-Raw-Zlib: try without testing for now 2017-01-08 14:31:55 +01:00
pharo Remove myself from maintainers 2017-01-31 11:00:14 +01:00
pure-modules
python-modules docker_compose: Remove upper bound version limitations 2017-02-05 18:39:30 +01:00
qtcreator qtcreator: 4.2.0 -> 4.2.1 2017-02-03 17:48:17 +03:00
r-modules ~/.nixpkgs -> ~/.config/nixpkgs 2017-02-01 16:07:55 +01:00
ruby-modules bundler: 1.13.7 -> 1.14.3 (#22260) 2017-01-29 22:42:17 +00:00
tools openocd: 0.9.0 -> 0.10.0 2017-02-06 20:19:36 +01:00
web nodePackages: upgrade node2nix to version 1.1.1 and regenerate the package set 2017-01-20 22:05:44 +01:00