CVE-2023-44446 raised against gstreamer not uploaded to repository
CVE-2023-44446 raised against gstreamer not uploaded to repository
CVE-2023-44446 raised against gstreamer was fixed by RHEL on 17th Jan 2024. The fix is not available in the mirror repo's.
Re: CVE-2023-44446 raised against gstreamer not uploaded to repository
It's in progress.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
-
eliezer318
- Posts: 9
- Joined: 2024/01/25 17:12:27
CVE-2023-44446 raised against gstreamer not uploaded to repository
Is there a timeline for when this patch will be available?
Re: CVE-2023-44446 raised against gstreamer not uploaded to repository
There was a build problem that took some time to work out but I see that it built earlier today. I am not sure if it will be published separately or as part of the batch of updates that are pending - I'd suspect the latter. This is what else is pending
389-ds-base-1.3.11.1-4.el7_9.src.rpm
kernel-3.10.0-1160.108.1.el7.src.rpm
java-1.8.0-openjdk-1.8.0.402.b06-1.el7_9.src.rpm
java-11-openjdk-11.0.22.0.7-1.el7_9.src.rpm
LibRaw-0.19.4-2.el7_9.src.rpm
gstreamer-plugins-bad-free-0.10.23-24.el7_9.src.rpm
net-snmp-5.7.2-49.el7_9.4.src.rpm
python-pillow-2.0.0-24.gitd1c6db8.el7_9.src.rpm
sssd-1.16.5-10.el7_9.16.src.rpm
xorg-x11-server-1.20.4-27.el7_9.src.rpm
389-ds-base-1.3.11.1-4.el7_9.src.rpm
kernel-3.10.0-1160.108.1.el7.src.rpm
java-1.8.0-openjdk-1.8.0.402.b06-1.el7_9.src.rpm
java-11-openjdk-11.0.22.0.7-1.el7_9.src.rpm
LibRaw-0.19.4-2.el7_9.src.rpm
gstreamer-plugins-bad-free-0.10.23-24.el7_9.src.rpm
net-snmp-5.7.2-49.el7_9.4.src.rpm
python-pillow-2.0.0-24.gitd1c6db8.el7_9.src.rpm
sssd-1.16.5-10.el7_9.16.src.rpm
xorg-x11-server-1.20.4-27.el7_9.src.rpm
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
-
eliezer318
- Posts: 9
- Joined: 2024/01/25 17:12:27
Re: CVE-2023-44446 raised against gstreamer not uploaded to repository
Is there a way to get that Gstreamer plug in build published (get priority) and where the link will be available for download?
Re: CVE-2023-44446 raised against gstreamer not uploaded to repository
You can search through https://buildlogs.centos.org/ if you like but I did just have a look in all the obvious looking places there and came up blank.
Oh, and be aware that if you do find it there then it will not be GPG signed as that only happens as the fix is released.
Oh, and be aware that if you do find it there then it will not be GPG signed as that only happens as the fix is released.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
-
eliezer318
- Posts: 9
- Joined: 2024/01/25 17:12:27
Re: CVE-2023-44446 raised against gstreamer not uploaded to repository
Trevor,
I want to keep tabs on this. What are the obvious places so I can get this taken care of for my systems myself?
I want to keep tabs on this. What are the obvious places so I can get this taken care of for my systems myself?
Re: CVE-2023-44446 raised against gstreamer not uploaded to repository
I'm told that the entire list of x86_64 updates has just been pushed to the mirror network so should replicate round the world soon. Running `yum clean all` before an update might help to see those updates sooner as the default expiry time for metadata is 6 hours.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: CVE-2023-44446 raised against gstreamer not uploaded to repository
Thanks for the update. I am able to find the updated package now.
Re: CVE-2023-44446 raised against gstreamer not uploaded to repository
These updates are now published so are available via yum update
You do not need to download them from buildlogs and as far as I can see they are no longer published to buldlogs during the build process so there is no way to get them before they are released.
You do not need to download them from buildlogs and as far as I can see they are no longer published to buldlogs during the build process so there is no way to get them before they are released.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke