2 ignored security issues in jessie

package:
gst-plugins-good0.10
severity:
low
created:
2017-02-02
last updated:
2018-06-02

There are 2 open security issues in jessie.
2 issues skipped by the security teams:
  • CVE-2016-10198: The gst_aac_parse_sink_setcaps function in gst/audioparsers/gstaacparse.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted audio file.
  • CVE-2017-5840: The qtdemux_parse_samples function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving the current stts index.
Please fix them.