[Buildroot] [git commit branch/2020.02.x] package/gst1-plugins-bad: security bump to version 1.16.3

All the mail mirrored from lore.kernel.org
 help / color / mirror / Atom feed

* [Buildroot] [git commit branch/2020.02.x] package/gst1-plugins-bad: security bump to version 1.16.3
@ 2021-01-22 10:48 Peter Korsgaard
  0 siblings, 0 replies; only message in thread
From: Peter Korsgaard @ 2021-01-22 10:48 UTC (permalink / raw
  To: buildroot

commit: https://git.buildroot.net/buildroot/commit/?id=236c90d62b0911c563c021dfae3febe931352b12
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2020.02.x

Fixes the following security issue:

- CVE-2021-3185: gstreamer: buffer overflow in
  gst_h264_slice_parse_dec_ref_pic_marking

For more details, see the advisory:
https://www.openwall.com/lists/oss-security/2021/01/20/1

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 package/gstreamer1/gst1-plugins-bad/gst1-plugins-bad.hash | 4 ++--
 package/gstreamer1/gst1-plugins-bad/gst1-plugins-bad.mk   | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/package/gstreamer1/gst1-plugins-bad/gst1-plugins-bad.hash b/package/gstreamer1/gst1-plugins-bad/gst1-plugins-bad.hash
index 7b59b4dbec..a778a4007c 100644
--- a/package/gstreamer1/gst1-plugins-bad/gst1-plugins-bad.hash
+++ b/package/gstreamer1/gst1-plugins-bad/gst1-plugins-bad.hash
@@ -1,4 +1,4 @@
-# From https://gstreamer.freedesktop.org/src/gst-plugins-bad/gst-plugins-bad-1.16.2.tar.xz.sha256sum
-sha256 f1cb7aa2389569a5343661aae473f0a940a90b872001824bc47fa8072a041e74 gst-plugins-bad-1.16.2.tar.xz
+# From https://gstreamer.freedesktop.org/src/gst-plugins-bad/gst-plugins-bad-1.16.3.tar.xz.sha256sum
+sha256 84efe57011658f0a53a5d5b20f64ef109f5105dccb0808c21e069e946673514d gst-plugins-bad-1.16.3.tar.xz
 sha256 0b12e4d1cd5db5f8a0c04fc98a1d8c3acc533097b6198d6644420da78d460223 COPYING
 sha256 cf9b86bcf2d298e8cf5b9d8982f9dab296465b002fdfa0347357a0732f961e03 COPYING.LIB
diff --git a/package/gstreamer1/gst1-plugins-bad/gst1-plugins-bad.mk b/package/gstreamer1/gst1-plugins-bad/gst1-plugins-bad.mk
index ef36e4dc0a..fcb98e433f 100644
--- a/package/gstreamer1/gst1-plugins-bad/gst1-plugins-bad.mk
+++ b/package/gstreamer1/gst1-plugins-bad/gst1-plugins-bad.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-GST1_PLUGINS_BAD_VERSION = 1.16.2
+GST1_PLUGINS_BAD_VERSION = 1.16.3
 GST1_PLUGINS_BAD_SOURCE = gst-plugins-bad-$(GST1_PLUGINS_BAD_VERSION).tar.xz
 GST1_PLUGINS_BAD_SITE = https://gstreamer.freedesktop.org/src/gst-plugins-bad
 GST1_PLUGINS_BAD_INSTALL_STAGING = YES

^ permalink raw reply related	[flat|nested] only message in thread

only message in thread, other threads:[~2021-01-22 10:48 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-01-22 10:48 [Buildroot] [git commit branch/2020.02.x] package/gst1-plugins-bad: security bump to version 1.16.3 Peter Korsgaard

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.