Bug 383009 - CVE-2006-4800 4xm buffer overflow
Status: RESOLVED FIXED
Product: GStreamer
Classification: Platform
Component: gst-libav
Version: 0.10.1
Hardware: Other Linux
Importance: Normal critical
Target Milestone: 0.10.2
Assigned To: GStreamer Maintainers
QA Contact: GStreamer Maintainers
Depends on:
Blocks:
 
 
Reported: 2006-12-06 14:16 UTC by Loïc Minier
Modified: 2006-12-06 19:43 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
fix for buffer overflow in 4xm CVE-2006-4800 (1.06 KB, patch)
2006-12-06 14:18 UTC, Loïc Minier
fix for buffer overflow in 4xm CVE-2006-4800 (0.8 branch) (1.04 KB, patch)
2006-12-06 14:19 UTC, Loïc Minier

Description Loïc Minier 2006-12-06 14:16:58 UTC
Hi,

CVE-2006-4800 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4800

Debian patch for gst-ffmpeg 0.10:
http://svn.debian.org/wsvn/pkg-gstreamer/unstable/gst-ffmpeg/debian/patches/30_CVE-2006-4800-4xm-buffer-overflow.patch?op=file&rev=0&sc=1

I suggest you roll a 0.8 tarball as well (we still ship that one in Debian).

Bye,
Comment 1 Loïc Minier 2006-12-06 14:18:00 UTC
Created attachment 77815
fix for buffer overflow in 4xm CVE-2006-4800

Sorry, the URL was for gst-ffmpeg 0.8, I'm attaching the patch for 0.10.
Comment 2 Loïc Minier 2006-12-06 14:19:19 UTC
Created attachment 77816
fix for buffer overflow in 4xm CVE-2006-4800 (0.8 branch)

And here's the patch for the 0.8 branch.
Comment 3 Jan Schmidt 2006-12-06 15:25:47 UTC
The fix is already in the 0.10 CVS snapshot. I doubt that anyone will ever do a release of any of the 0.8 modules again - the branch has been out of service for over a year.

I'm inclined to just close this as already fixed.
Comment 4 Loïc Minier 2006-12-06 19:43:24 UTC
Setting milestone and closing as fixed in CVS.