On Tue, Feb 11, 2020 at 10:00 am, Dominik 'Rathann' Mierzejewski
<dominik@xxxxxxxxxxxxxx> wrote:
It means that the fixes are available and can be applied to Fedora
package if necessary. I'm still waiting for someone to point out a
specific *unfixed* *critical* vulnerability that some of the folks
posting in this thread mentioned. Otherwise, I see no reason to
prevent
me or anyone else from keeping gstreamer 0.10 packages alive in
Fedora.
CVE-2019-9928, buffer overflow in RTSP parsing
Yeah it would be a one-line patch to fix that, but that's not the
point. Point is the vast majority of security issues never get CVEs and
we rely on regular updates to the latest upstream version to avoid
those.
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx