gst1-plugins-ugly: security bump to version 1.10.4

Fixes:
CVE-2017-5847 - The gst_asf_demux_process_ext_content_desc function in
gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer allows remote
attackers to cause a denial of service (out-of-bounds heap read) via vectors
involving extended content descriptors.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

diff --git a/package/gstreamer1/gst1-plugins-ugly/gst1-plugins-ugly.hash b/package/gstreamer1/gst1-plugins-ugly/gst1-plugins-ugly.hash
index 6b4f0c7590300b21c7fab764e94a979d70045bc6..9567d9ca0ce6988d47400d4c818a0d65851f2e33 100644 (file)
--- a/package/gstreamer1/gst1-plugins-ugly/gst1-plugins-ugly.hash
+++ b/package/gstreamer1/gst1-plugins-ugly/gst1-plugins-ugly.hash
@@ -1,2 +1,2 @@
-# From http://gstreamer.freedesktop.org/src/gst-plugins-ugly/gst-plugins-ugly-1.10.3.tar.xz.sha256sum
-sha256 c91597d03abff9df435ad4892eae44df1ee14159c7cc7317ac9d2766ff446bd2  gst-plugins-ugly-1.10.3.tar.xz
+# From http://gstreamer.freedesktop.org/src/gst-plugins-ugly/gst-plugins-ugly-1.10.4.tar.xz.sha256sum
+sha256 6386c77ca8459cba431ed0b63da780c7062c7cc48055d222024d8eaf198ffa59  gst-plugins-ugly-1.10.4.tar.xz

diff --git a/package/gstreamer1/gst1-plugins-ugly/gst1-plugins-ugly.mk b/package/gstreamer1/gst1-plugins-ugly/gst1-plugins-ugly.mk
index 2f68145ca6d14f2ab95f17e9ba796750fc6435ac..d503555cf4626ef5972fe3895386875523d0a97d 100644 (file)
--- a/package/gstreamer1/gst1-plugins-ugly/gst1-plugins-ugly.mk
+++ b/package/gstreamer1/gst1-plugins-ugly/gst1-plugins-ugly.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-GST1_PLUGINS_UGLY_VERSION = 1.10.3
+GST1_PLUGINS_UGLY_VERSION = 1.10.4
 GST1_PLUGINS_UGLY_SOURCE = gst-plugins-ugly-$(GST1_PLUGINS_UGLY_VERSION).tar.xz
 GST1_PLUGINS_UGLY_SITE = https://gstreamer.freedesktop.org/src/gst-plugins-ugly
 GST1_PLUGINS_UGLY_LICENSE_FILES = COPYING