AVG-76 - log back

AVG-76 created at 25 Sep 2019 19:31:50
Packages
+ gst-plugins-bad
Issues
+ CVE-2016-9445
+ CVE-2016-9446
Status
+ Fixed
Severity
+ High
Affected
+ 1.10.0-1
Fixed
+ 1.10.2-2
Ticket
Advisory qualified
+ Yes
References
+ http://www.openwall.com/lists/oss-security/2016/11/18/13
+ https://scarybeastsecurity.blogspot.de/2016/11/0day-poc-risky-design-decisions-in.html
Notes
+ As of 1.10.1 (upstream) and 1.10.2-1 9445 and 9446 are fixed: https://gstreamer.freedesktop.org/releases/1.10/
+ I think we were never vulnerable to 9447: http://seclists.org/oss-sec/2016/q4/462