On Tue, Nov 22, 2016 at 06:57:45PM -0600, Michael Catanzaro wrote: > Is anybody working on fixing [1]? > The exploit is a little impractical in that it only works if you have > not updated any F24 base packages except GStreamer, but we should still > fix it. I don't see any GStreamer updates in bodhi yet. I talked to Josh Bressers a little bit about it, and he was going to bring the bigger issue to Eric and the Fedora Security Team — with the holidays that might not be happening immediately. That is, the issues here https://scarybeastsecurity.blogspot.com/2016/11/0day-poc-risky-design-decisions-in.html with sandboxing tracker and gstreamer, and installing the "bad" codecs without warning. -- Matthew Miller <mattdm@xxxxxxxxxxxxxxxxx> Fedora Project Leader _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
