Re: [Retired] gstreamer & gstreamer-plugins-base
On Monday, 10 February 2020 at 10:07, Vitaly Zaitsev via devel
wrote:
> On 10.02.2020 09:43, John M. Harris Jr wrote:
> > As long as it builds and functions, why remove it?
>
> Because it has lots of critical vulnerabilities and endangers end-user
> devices.
Please name a couple. Nobody has provided a single specific case of an
unfixed security vulnerability affecting gstreamer 0.10.x yet.
CVE-2016-9634, CVE-2016-9635, CVE-2016-9636, CVE-2016-9808,
CVE-2016-9807, CVE-2016-9445, CVE-2016-9445, CVE-2016-9447,
CVE-2016-9809..... there's others, not to mention issues likely found
and fixed in gst1 that weren't back ported to the 0.10 series, and
even if there were bugs backported to the Fedora releases given
there's no upstream support it would a "scrape the internet" for the
fixes scenario.
The issues with media and vulnerabilities are well known, Google has
had many many large issues with android with the same sort of issues
which caused them to completely rewrite their media stack to run
completely sandboxed, somthing that the old version of gstreamer
doesn't support.