1
PublicDateAtUSN: 2017-02-09
2
Candidate: CVE-2017-5842
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5842
6
http://www.openwall.com/lists/oss-security/2017/02/01/7
7
https://usn.ubuntu.com/usn/usn-3244-1
9
The html_context_handle_element function in gst/subparse/samiparse.c in
10
gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to
11
cause a denial of service (out-of-bounds write) via a crafted SMI file, as
12
demonstrated by OneNote_Manager.smi.
16
https://bugzilla.gnome.org/show_bug.cgi?id=777502
18
Discovered-by: Hanno Böck
21
Patches_gst-plugins-base0.10:
22
upstream_gst-plugins-base0.10: needed
23
precise_gst-plugins-base0.10: not-affected (code not present)
24
precise/esm_gst-plugins-base0.10: DNE (precise was not-affected [code not present])
25
trusty_gst-plugins-base0.10: not-affected (code not present)
26
vivid/stable-phone-overlay_gst-plugins-base0.10: not-affected (code not present)
27
vivid/ubuntu-core_gst-plugins-base0.10: DNE
28
xenial_gst-plugins-base0.10: not-affected (code not present)
29
yakkety_gst-plugins-base0.10: DNE
30
zesty_gst-plugins-base0.10: DNE
31
devel_gst-plugins-base0.10: DNE
33
Patches_gst-plugins-base1.0:
34
upstream: https://github.com/GStreamer/gst-plugins-base/commit/d894c19db62ce87115317616f0a5d4482d6332c4
35
upstream_gst-plugins-base1.0: released (1.10.3-1)
36
precise_gst-plugins-base1.0: DNE
37
precise/esm_gst-plugins-base1.0: DNE
38
trusty_gst-plugins-base1.0: released (1.2.4-1~ubuntu2.1)
39
vivid/stable-phone-overlay_gst-plugins-base1.0: ignored (reached end-of-life)
40
vivid/ubuntu-core_gst-plugins-base1.0: DNE
41
xenial_gst-plugins-base1.0: released (1.8.3-1ubuntu0.2)
42
yakkety_gst-plugins-base1.0: released (1.8.3-1ubuntu1.1)
43
zesty_gst-plugins-base1.0: not-affected (1.10.3-1ubuntu1)
44
devel_gst-plugins-base1.0: not-affected (1.10.3-1ubuntu1)