** No longer affects: gst-plugins-bad1.0 (Ubuntu)

** No longer affects: totem (Ubuntu)

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to totem in Ubuntu.
https://bugs.launchpad.net/bugs/1650523

Title:
  Plugin "SNES-SPC700 Sound File Data decoder" in gstreamer1.0-plugins-
  bad may have security vulnerability

Status in game-music-emu package in Ubuntu:
  Fix Released

Bug description:
  Steps:
  1. Ubuntu 16.04.1 LTS
  2. Trying to play xcalc_ubuntu_16.04_libc_2.23-0ubuntu3.spc file from this 
blog post ( 
https://scarybeastsecurity.blogspot.ru/2016/12/redux-compromising-linux-using-snes.html
 ) and this video ( https://www.youtube.com/watch?v=wrCLoem6ggM ).
  3. Totem found required plugin for playing "SNES-SPC700 Sound File Data 
decoder" which is in gstreamer1.0-plugins-bad.
  4. xcalc does not launched on music play or by Nautilus launch.

  Ubuntu security team, please read blog post (see above link) and
  confirm (and fix) or refute zero-day vulnerability.

  
  ProblemType: Bug
  DistroRelease: Ubuntu 16.04
  Package: gstreamer1.0-plugins-bad 1.8.2-1ubuntu0.2
  ProcVersionSignature: Ubuntu 4.4.0-31.50-generic 4.4.13
  Uname: Linux 4.4.0-31-generic i686
  ApportVersion: 2.20.1-0ubuntu2.1
  Architecture: i386
  CasperVersion: 1.376
  CurrentDesktop: Unity
  Date: Fri Dec 16 12:03:27 2016
  LiveMediaBuild: Ubuntu 16.04.1 LTS "Xenial Xerus" - Release i386 (20160719)
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=<set>
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: gst-plugins-bad1.0
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/game-music-emu/+bug/1650523/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to     : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to