Hello community, here is the log from the commit of package gstreamer-plugins-ugly for openSUSE:Factory checked in at 2017-02-08 10:52:31 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gstreamer-plugins-ugly (Old) and /work/SRC/openSUSE:Factory/.gstreamer-plugins-ugly.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "gstreamer-plugins-ugly" Changes: -------- --- /work/SRC/openSUSE:Factory/gstreamer-plugins-ugly/gstreamer-plugins-ugly.changes 2017-02-03 17:41:58.268438310 +0100 +++ /work/SRC/openSUSE:Factory/.gstreamer-plugins-ugly.new/gstreamer-plugins-ugly.changes 2017-02-08 10:52:32.414169419 +0100 @@ -1,0 +2,10 @@ +Sat Feb 4 20:21:14 UTC 2017 - zaitor@opensuse.org + +- Fix CVE-2017-5847 (boo#1023259): + + Add gstreamer-plugins-ugly-CVE-2017-5847.patch: asfdemux: Check + that we have enough data available before parsing + bool/uint extended content descriptors (bgo#777955). + + Only apply when using BUILD_ORIG, as we already remove this + part of the code (we build the patched tarball). + +------------------------------------------------------------------- @@ -4 +14 @@ -- Update to version 1.10.3: +- Update to version 1.10.3 (CVE-2017-5838, boo#1023259): New: ---- gstreamer-plugins-ugly-CVE-2017-5847.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gstreamer-plugins-ugly.spec ++++++ --- /var/tmp/diff_new_pack.ljqsMU/_old 2017-02-08 10:52:33.202059609 +0100 +++ /var/tmp/diff_new_pack.ljqsMU/_new 2017-02-08 10:52:33.206059051 +0100 
@@ -41,6 +41,8 @@ Source99: baselibs.conf # PATCH-FIX-UPSTREAM gstreamer-revert-bogus-automake-version.patch bgo# zaitor@opensuse.org -- Upstream needed feature in automake 1.12, so for good measure they bumped to 1.14 - revert that commit as we have at least 1.13.4... Patch1: gstreamer-revert-bogus-automake-version.patch +# PATCH-FIX-UPSTREAM gstreamer-plugins-ugly-CVE-2017-5847.patch boo#1023259 zaitor@opensuse.org -- CVE fix from upstream. +Patch2: gstreamer-plugins-ugly-CVE-2017-5847.patch BuildRequires: automake BuildRequires: gcc-c++ BuildRequires: glib2-devel >= 2.40.0 @@ -140,6 +142,7 @@ %setup -q -n %{_name}-%{version} %if 0%{?BUILD_ORIG} %patch0 +%patch2 -p1 %else # Touching configure.ac with this patch breaks BUILD_ORIG building. %patch1 -p1 -R ++++++ gstreamer-plugins-ugly-CVE-2017-5847.patch ++++++
From fe74dabd2c8dc2be54156729986ea38582e8c7ae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?=
Date: Tue, 31 Jan 2017 13:50:21 +0200 Subject: asfdemux: Check that we have enough data available before parsing bool/uint extended content descriptors
https://bugzilla.gnome.org/show_bug.cgi?id=777955 diff --git a/gst/asfdemux/gstasfdemux.c b/gst/asfdemux/gstasfdemux.c index 255a427..b8d48ad 100644 --- a/gst/asfdemux/gstasfdemux.c +++ b/gst/asfdemux/gstasfdemux.c @@ -3439,7 +3439,12 @@ gst_asf_demux_process_ext_content_desc (GstASFDemux * demux, guint8 * data, break; } case ASF_DEMUX_DATA_TYPE_DWORD:{ - guint uint_val = GST_READ_UINT32_LE (value); + guint uint_val; + + if (value_len < 4) + break; + + uint_val = GST_READ_UINT32_LE (value); /* this is the track number */ g_value_init (&tag_value, G_TYPE_UINT); @@ -3453,7 +3458,12 @@ gst_asf_demux_process_ext_content_desc (GstASFDemux * demux, guint8 * data, } /* Detect 3D */ case ASF_DEMUX_DATA_TYPE_BOOL:{ - gboolean bool_val = GST_READ_UINT32_LE (value); + gboolean bool_val; + + if (value_len < 4) + break; + + bool_val = GST_READ_UINT32_LE (value); if (strncmp ("Stereoscopic", name_utf8, strlen (name_utf8)) == 0) { if (bool_val) { -- cgit v0.10.2
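Review bot: In the gstreamer-plugins-ugly.changes hunk `@@ -4 +14 @@`, the 1.10.3 entry now reads "(CVE-2017-5838, boo#1023259)", while the new entry above it attaches the same boo#1023259 to CVE-2017-5847. Two different CVE ids sharing one bug reference looks like a copy-and-paste slip; please confirm which CVE the 1.10.3 update actually covers and give each entry its own bug number if they differ.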
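Review bot: In gstreamer-plugins-ugly.spec, the `# PATCH-FIX-UPSTREAM` comment added for Patch2 in the `@@ -41,6 +41,8 @@` hunk does not mention that `%patch2 -p1` is applied only inside `%if 0%{?BUILD_ORIG}` (hunk `@@ -140,6 +142,7 @@`). The reason is given only in the .changes entry; repeating it in the spec comment, as is already done for the `%patch1 -p1 -R` line, would keep a later packager from moving the CVE patch out of the conditional or assuming the default build is unpatched.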
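Review bot: In the `ASF_DEMUX_DATA_TYPE_DWORD` hunk of gst/asfdemux/gstasfdemux.c, the new `if (value_len < 4) break;` drops a truncated descriptor silently. The bound is right for the 4-byte `GST_READ_UINT32_LE (value)` that follows, but a debug or warning log line before the `break` would make malformed files diagnosable, and `sizeof (guint32)` instead of the literal 4 would tie the check to the read it protects.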
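Review bot: In the `ASF_DEMUX_DATA_TYPE_BOOL` hunk, the unchanged context line right after the new check, `strncmp ("Stereoscopic", name_utf8, strlen (name_utf8)) == 0`, limits the comparison to the length of `name_utf8`, so an empty name or any prefix of "Stereoscopic" also compares equal. That is outside the scope of this length fix, but since the hunk touches this case it is worth a follow-up that compares the full string.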