Fedora 9: 2009-1343 Moderate: Gstreamer-Plugins-Good Buffer Overflow Fix

GStreamer is a streaming media framework, based on graphs of filters which

operate on media data. Applications using this library can do anything

from real-time sound processing to playing videos, and just about anything

else media-related. Its plugin-based architecture means that new data

types or processing capabilities can be added simply by installing new

plug-ins.

GStreamer Good Plug-ins is a collection of well-supported plug-ins of

good quality and under the LGPL license.

* Mon Feb 2 2009 - Bastien Nocera - 0.10.8-10

- Patch for overflows in the QT demuxer (#481267)

* Tue Aug 12 2008 Adam Jackson 0.10.8-9

- gst-plugins-good-0.10.8-http-auth.patch: Fix http auth. (#457952)

* Mon Jul 21 2008 Adam Jackson 0.10.8-8

- gst-plugins-good-0.10.8-v4l2-progressive-fix.patch: Backport v4l2

interlace/progressive fixes. (#454534)

* Thu Jun 19 2008 Adam Jackson 0.10.8-7

- gst-plugins-good-0.10.8-speex-nego.patch: Backport speex channel and

rate negotiation from 0.10.9. (#451391)

* Tue Jun 17 2008 - Bastien Nocera - 0.10.8-6

- Really fix the default audio output not being correct

* Tue Jun 3 2008 - Bastien Nocera - 0.10.8-5

- Fix compilation of the v4l2 plugin with newer kernels

* Mon Jun 2 2008 - Bastien Nocera - 0.10.8-4

- Work-around bug that would set the default audio output to "GOOM!"

See

* Wed May 21 2008 Tom "spot" Callaway 0.10.8-3

- fix license tag

* Wed May 21 2008 Adam Jackson 0.10.8-2

- BR: libsoup-devel and package the soup http src plugin. (#447604)

- s/Fedora Core/Fedora/

* Thu Apr 24 2008 - Bastien Nocera - 0.10.8-1

- Update to 0.10.8

* Thu Apr 10 2008 - Bastien Nocera - 0.10.7-2

- Add patch to unbreak the QuickTime demuxer plugin

[ 1 ] Bug #481267 - gstreamer-plugins, gstreamer-plugins-good: heap-based buffer overflows / an array index out of bounds vulnerability while parsing malformed QuickTime media files

https://bugzilla.redhat.com/show_bug.cgi?id=481267

[ 2 ] Bug #483736 - CVE-2009-0386 gstreamer-plugins-good: heap-based buffer overflow while parsing malformed QuickTime media files via crafted Composition Time To Sample (aka ctts) atom data

https://bugzilla.redhat.com/show_bug.cgi?id=483736

[ 3 ] Bug #483737 - CVE-2009-0387 gstreamer-plugins-good: Array index error while parsing malformed QuickTime media files via crafted Sync Sample (aka stss) atom data

https://bugzilla.redhat.com/show_bug.cgi?id=483737

su -c 'yum update gstreamer-plugins-good' at the command line.

For more information, refer to "Managing Software with yum",

available at .

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

Fedora-package-announce mailing list

Fedora-package-announce@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/