Opened 6 months ago

Closed 5 months ago

#18853 closed enhancement (fixed)

gstreamer-1.22.7 gst-plugins-base gst-plugins-good gst-plugins-bad gst-plugins-ugly gst-libav gstreamer-vaapi

Reported by: Bruce Dubbs Owned by: Douglas R. Reno
Priority: elevated Milestone: 12.1
Component: BOOK Version: git
Severity: normal Keywords:
Cc:

Description

New point version.

Change History (5)

comment:1 by Xi Ruoyao, 6 months ago

Priority: normal → elevated

Highlighted bugfixes:

  • Security fixes for the MXF demuxer and AV1 codec parser
  • glfilter: Memory leak fix for OpenGL filter elements
  • d3d11videosink: Fix toggling between fullscreen and maximized, and window switching in fullscreen mode
  • DASH / HLS adaptive streaming fixes
  • Decklink card device provider device name string handling fixes
  • interaudiosrc: handle non-interleaved audio properly
  • openh264: Fail gracefully if openh264 encoder/decoder creation fails
  • rtspsrc: improved whitespace handling in response headers by certain cameras
  • v4l2codecs: avoid wrap-around after 1000000 frames; tiled formats handling fixes
  • video-scaler, audio-resampler: downgraded "Can't find exact taps" debug log messages
  • wasapi2: Don't use global volume control object
  • Rust plugins: various improvements in aws, fmp4mux, hlssink3, livesync, ndisrc, rtpav1depay, rsfilesink, s3sink, sccparse
  • WebRTC: various webrtchttp, webrtcsrc, and webrtcsink improvements and fixes
  • Cerbero build tools: recognise Windows 11; restrict parallelism of gst-plugins-rs build on small systems
  • Packages: ca-certificates update; fix gio module loading and TLS support on macOS

See the GStreamer 1.22.7 release notes for more details.

comment:2 by Xi Ruoyao, 5 months ago

I've encountered a test failure with several gst-plugins-bad releases: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3124

This is related to something in my $HOME (setting HOME= makes this test case pass) so maybe you cannot reproduce it.

comment:3 by Douglas R. Reno, 5 months ago

Owner: changed from blfs-book to Douglas R. Reno
Status: new → assigned

comment:4 by Douglas R. Reno, 5 months ago

CVE-2023-44446

Security Advisory 2023-0010 (ZDI-CAN-22299) (CVE-2023-44446)

Summary: MXF demuxer use-after-free
Date: 2023-11-13 12:00
Affected Versions: GStreamer gst-plugins-bad < 1.22.7
ID: GStreamer-SA-2023-0010, ZDI-CAN-22299, CVE-2023-44446

Details

Use-after-free (read) in the MXF demuxer when handling certain files before GStreamer 1.22.7

Impact

It is possible for a malicious third party to trigger a crash in the application.

CVE-2023-44429

Security Advisory 2023-0009 (ZDI-CAN-22226) (CVE-2023-44429)

Summary: AV1 codec parser buffer overflow
Date: 2023-11-13 12:00
Affected Versions: GStreamer gst-plugins-bad < 1.22.7
ID: GStreamer-SA-2023-0009, ZDI-CAN-22226, CVE-2023-44429

Details

Heap-based buffer overflow in the AV1 codec parser when handling certain malformed streams before GStreamer 1.22.7

Impact

It is possible for a malicious third party to trigger a crash in the application, and possibly also effect code execution through heap manipulation.

comment:5 by Douglas R. Reno, 5 months ago

Resolution: fixed
Status: assigned → closed

Fixed at a1fe0cf75bc447df68869baf4c270c5c2eac0422

SA-12.0-042 issued
