ports/132428: [vuxml] multimedia/gstreamer-plugins-good: document TKADV2009-003
Eygene Ryabinkin
rea-fbsd at codelabs.ru
Sun Mar 8 19:40:03 UTC 2009
>Number: 132428
>Category: ports
>Synopsis: [vuxml] multimedia/gstreamer-plugins-good: document TKADV2009-003
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun Mar 08 19:40:02 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator: Eygene Ryabinkin
>Release: FreeBSD 7.1-STABLE amd64
>Organization:
Code Labs
>Environment:
System: FreeBSD 7.1-STABLE amd64
>Description:
Multiple buffer and heap overflows were found in gstreamer 'good' plugins
by Tobias Klein from TrapKit.
>How-To-Repeat:
http://trapkit.de/advisories/TKADV2009-003.txt
>Fix:
The following VuXML entry should be evaluated and added:
--- vuln.xml begins here ---
<vuln vid="3cd19346-0c16-11de-b26a-001fc66e7203">
  <topic>gstreamer-plugins-good -- multiple memory overflows</topic>
  <affects>
    <package>
      <name>gstreamer-plugins-good</name>
      <range><ge>0.10.9,3</ge><lt>0.10.12,3</lt></range>
    </package>
  </affects>
  <description>
    <body xmlns="http://www.w3.org/1999/xhtml">
      <p>Tobias Klein reports:</p>
      <blockquote
        cite="http://www.trapkit.de/advisories/TKADV2009-003.txt">
        <p>GStreamer contains several heap buffer overflows and an
          array index out of bounds vulnerability while parsing
          malformed QuickTime media files. The vulnerabilities may be
          exploited by a (remote) attacker to execute arbitrary code in
          the context of an application using the GStreamer multimedia
          framework.</p>
      </blockquote>
    </body>
  </description>
  <references>
    <cvename>CVE-2009-0386</cvename>
    <cvename>CVE-2009-0387</cvename>
    <cvename>CVE-2009-0397</cvename>
    <url>http://www.trapkit.de/advisories/TKADV2009-003.txt</url>
    <url>http://gstreamer.freedesktop.org/releases/gst-plugins-good/0.10.12.html</url>
  </references>
  <dates>
    <discovery>2009-01-22</discovery>
    <entry>TODAY</entry>
  </dates>
</vuln>
--- vuln.xml ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted: