flxdec security update tracking bug

Bug #1643901 reported by Marc Deslauriers
This bug affects 2 people
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| gst-plugins-good0.10 (Ubuntu) | | | | |
| Precise | Fix Released | Medium | Marc Deslauriers | |
| Trusty | Fix Released | Medium | Marc Deslauriers | |
| Xenial | Fix Released | Medium | Marc Deslauriers | |
| gst-plugins-good1.0 (Ubuntu) | Fix Released | Medium | Unassigned | |
| Trusty | Fix Released | Medium | Marc Deslauriers | |
| Xenial | Fix Released | Medium | Marc Deslauriers | |
| Yakkety | Fix Released | Medium | Marc Deslauriers | |
| Zesty | Confirmed | Medium | Unassigned | |

Bug Description

This bug is to track the security update to fix the flxdec out-of-bounds write.

Changed in gst-plugins-good1.0 (Ubuntu Precise):
status: New → Invalid
Changed in gst-plugins-good0.10 (Ubuntu Yakkety):
status: New → Invalid
Changed in gst-plugins-good0.10 (Ubuntu Zesty):
status: New → Invalid
Changed in gst-plugins-good0.10 (Ubuntu Precise):
assignee: nobody → Marc Deslauriers (mdeslaur)
importance: Undecided → Medium
status: New → In Progress
Changed in gst-plugins-good0.10 (Ubuntu Trusty):
assignee: nobody → Marc Deslauriers (mdeslaur)
importance: Undecided → Medium
status: New → In Progress
Changed in gst-plugins-good0.10 (Ubuntu Xenial):
assignee: nobody → Marc Deslauriers (mdeslaur)
importance: Undecided → Medium
status: New → In Progress
Changed in gst-plugins-good1.0 (Ubuntu Trusty):
assignee: nobody → Marc Deslauriers (mdeslaur)
importance: Undecided → Medium
status: New → In Progress
Changed in gst-plugins-good1.0 (Ubuntu Xenial):
assignee: nobody → Marc Deslauriers (mdeslaur)
importance: Undecided → Medium
status: New → In Progress
Changed in gst-plugins-good1.0 (Ubuntu Yakkety):
assignee: nobody → Marc Deslauriers (mdeslaur)
importance: Undecided → Medium
status: New → In Progress
Changed in gst-plugins-good1.0 (Ubuntu Zesty):
status: New → Confirmed
Simon Déziel (sdeziel) wrote :

Marc, I'm assuming this is related to this https://scarybeastsecurity.blogspot.ca/2016/11/0day-exploit-advancing-exploitation.html, right?

Like the author, I question the upstream decision to include FLIC support in the "good" set. Would it be possible to move that plugin to the "bad" or the "ugly" set since it's presumably a very rarely used format?

Marc Deslauriers (mdeslaur) wrote :

I don't plan on moving the plugin at this time as that is too intrusive for a minimal security update.

Changed in gst-plugins-good0.10 (Ubuntu Precise):
status: In Progress → Fix Released
Changed in gst-plugins-good0.10 (Ubuntu Trusty):
status: In Progress → Fix Released
Changed in gst-plugins-good0.10 (Ubuntu Xenial):
status: In Progress → Fix Released
Changed in gst-plugins-good1.0 (Ubuntu Trusty):
status: In Progress → Fix Released
Changed in gst-plugins-good1.0 (Ubuntu Xenial):
status: In Progress → Fix Released
Changed in gst-plugins-good1.0 (Ubuntu Yakkety):
status: In Progress → Fix Released
Mathew Hodson (mhodson)
no longer affects: gst-plugins-good0.10 (Ubuntu Yakkety)
no longer affects: gst-plugins-good0.10 (Ubuntu Zesty)
Changed in gst-plugins-good0.10 (Ubuntu):
importance: Undecided → Medium
status: Invalid → Fix Released
no longer affects: gst-plugins-good1.0 (Ubuntu Precise)
Mathew Hodson (mhodson)
no longer affects: gst-plugins-good0.10 (Ubuntu)
Changed in gst-plugins-good1.0 (Ubuntu Zesty):
importance: Undecided → Medium
Changed in gst-plugins-good1.0 (Ubuntu):
status: Confirmed → Fix Released
This report contains Public Security information  
Everyone can see this security related information.