# gstreamer-ffmpeg vulnerable port and its dependencies!



## teo (Sep 16, 2020)

Removing that vulnerable port carries with it many dependencies.

# `pkg audit -F`

```
Fetching vuln.xml.bz2: 100% 880 KiB 901.3kB/s 00:01
gstreamer-ffmpeg-0.10.13_7 is vulnerable:
ffmpeg -- multiple vulnerabilities
CVE: CVE-2015-8663
CVE: CVE-2015-8662
WWW: https://vuxml.FreeBSD.org/freebsd/4bae544d-06a3-4352-938c-b3bcbca89298.html

gstreamer-ffmpeg-0.10.13_7 is vulnerable:
ffmpeg -- multiple vulnerabilities
CVE: CVE-2015-6826
CVE: CVE-2015-6825
CVE: CVE-2015-6824
CVE: CVE-2015-6823
CVE: CVE-2015-6822
CVE: CVE-2015-6821
CVE: CVE-2015-6820
CVE: CVE-2015-6819
CVE: CVE-2015-6818
WWW: https://vuxml.FreeBSD.org/freebsd/3d950687-b4c9-4a86-8478-c56743547af8.html

gstreamer-ffmpeg-0.10.13_7 is vulnerable:
ffmpeg -- multiple vulnerabilities
CVE: CVE-2015-8365
CVE: CVE-2015-8364
CVE: CVE-2015-8363
CVE: CVE-2015-8219
CVE: CVE-2015-8218
CVE: CVE-2015-8217
CVE: CVE-2015-8216
CVE: CVE-2015-6761
WWW: https://vuxml.FreeBSD.org/freebsd/b0da85af-21a3-4c15-a137-fe9e4bc86002.html

3 problem(s) in 1 installed package(s) found.
```
#

# `pkg delete gstreamer-ffmpeg`

```
Updating database digests format: 100%
Checking integrity... done (0 conflicting)
Deinstallation has been requested for the following 92 packages (of 0 packages in the universe):

Installed packages to be REMOVED:
akonadi: 20.08.0
falkon: 3.1.0
ffmpeg: 4.3.1_1,1
firefox: 80.0.1,1
gstreamer: 0.10.36_6
gstreamer-ffmpeg: 0.10.13_7
gstreamer-plugins: 0.10.36_12,3
gstreamer-plugins-a52dec: 0.10.19_2,3
gstreamer-plugins-aalib: 0.10.31_2,3
gstreamer-plugins-all: 1.3.0.10.1_17
gstreamer-plugins-amrnb: 0.10.19_2,3
gstreamer-plugins-amrwbdec: 0.10.19_2,3
gstreamer-plugins-annodex: 0.10.31_2,3
gstreamer-plugins-bad: 0.10.23_4,3
gstreamer-plugins-bz2: 0.10.23_2,3
gstreamer-plugins-cairo: 0.10.31_2,3
gstreamer-plugins-cdaudio: 0.10.23_2,3
gstreamer-plugins-cdio: 0.10.19_3,3
gstreamer-plugins-cdparanoia: 0.10.36_2,3
gstreamer-plugins-dts: 0.10.23_2,3
gstreamer-plugins-dv: 0.10.31_2,3
gstreamer-plugins-dvd: 0.10.19_6,3
gstreamer-plugins-faad: 0.10.23_2,3
gstreamer-plugins-flac: 0.10.31_3,3
gstreamer-plugins-flite: 0.10.23_3,3
gstreamer-plugins-fluendo-mp3: 0.10.20_2
gstreamer-plugins-fluendo-mpegdemux: 0.10.71_2
gstreamer-plugins-gconf: 0.10.31_2,3
gstreamer-plugins-gdkpixbuf: 0.10.31_3,3
gstreamer-plugins-gio: 0.10.36_2,3
gstreamer-plugins-gl: 0.10.3_7
gstreamer-plugins-gme: 0.10.23_2,3
gstreamer-plugins-gnomevfs: 0.10.36_2,3
gstreamer-plugins-gnonlin: 0.10.17_2
gstreamer-plugins-good: 0.10.31_3,3
gstreamer-plugins-gsm: 0.10.23_2,3
gstreamer-plugins-hal: 0.10.31_2,3
gstreamer-plugins-jack: 0.10.31_2,3
gstreamer-plugins-jpeg: 0.10.31_2,3
gstreamer-plugins-ladspa: 0.10.23_4,3
gstreamer-plugins-libcaca: 0.10.31_3,3
gstreamer-plugins-libmms: 0.10.23_2,3
gstreamer-plugins-libpng: 0.10.31_2,3
gstreamer-plugins-libvisual: 0.10.36_3,3
gstreamer-plugins-mad: 0.10.19_3,3
gstreamer-plugins-mp3: 0.10.0_1
gstreamer-plugins-mpeg2dec: 0.10.19_2,3
gstreamer-plugins-mpeg2enc: 0.10.23_3,3
gstreamer-plugins-musepack: 0.10.23_2,3
gstreamer-plugins-nas: 0.10.23_2,3
gstreamer-plugins-neon: 0.10.23_2,3
gstreamer-plugins-ogg: 0.10.36_2,3
gstreamer-plugins-opencv: 0.10.23_6,3
gstreamer-plugins-opus: 0.10.23_5,3
gstreamer-plugins-pango: 0.10.36_3,3
gstreamer-plugins-pulse: 0.10.31_3,3
gstreamer-plugins-resindvd: 0.10.23_4,3
gstreamer-plugins-schroedinger: 0.10.23_2,3
gstreamer-plugins-sdl: 0.10.23_3,3
gstreamer-plugins-shout2: 0.10.31_3,3
gstreamer-plugins-sidplay: 0.10.19_2,3
gstreamer-plugins-sndfile: 0.10.23_2,3
gstreamer-plugins-sndio: 0.10.31.1_1
gstreamer-plugins-soundtouch: 0.10.23_2,3
gstreamer-plugins-soup: 0.10.31_2,3
gstreamer-plugins-speex: 0.10.31_2,3
gstreamer-plugins-taglib: 0.10.31_2,3
gstreamer-plugins-theora: 0.10.36_2,3
gstreamer-plugins-twolame: 0.10.19_2,3
gstreamer-plugins-ugly: 0.10.19_2,3
gstreamer-plugins-v4l2: 0.10.31_2,3
gstreamer-plugins-vorbis: 0.10.36_2,3
gstreamer-plugins-vp8: 0.10.23_7,3
gstreamer-plugins-wavpack: 0.10.31_2,3
gstreamer-plugins-x264: 0.10.19_10,3
gstreamer-plugins-xvid: 0.10.23_2,3
gstreamer1-libav: 1.16.2
gstreamer1-plugins-core: 1.16
gstreamermm: 0.10.10.2_6
kaccounts-integration: 20.08.0
kf5-kdesignerplugin: 5.73.0
kf5-kdewebkit: 5.73.0
kf5-purpose: 5.73.0
opencv: 3.4.1_36
opera: 12.16_6
py27-gstreamer: 0.10.22_5
qt5-webengine: 5.15.0_2
qt5-webkit: 5.212.0.a4_3
signon-ui: 0.17_7
vlc: 3.0.11_4,4
xfce4-mixer: 4.11.0_5
xfce4-volumed: 0.1.13_4

Number of packages to be removed: 92

The operation will free 779 MiB.

Proceed with deinstalling packages? [y/N]: n
```
#


----------



## Mjölnir (Sep 16, 2020)

Switch off your system immediately!   ... or live with it, until it's fixed.  If your computer is younger than 11 years, you have more worries: AMT can be switched off, but the management engine can not be disabled; it runs always, even when your computer is switched off (as long it has external power).  AMD CPUs have similar LOM management facilities.  You may be able to prevent external access by using an _external_ sophisticated firewall.


----------



## Alain De Vos (Sep 16, 2020)

Note : jasper also has alot of vulnerabilities.
And to disable to vulnerabilities of samba i just do a "chmod a-x /usr/local/sbin/samba*"


----------



## teo (Sep 16, 2020)

Alain De Vos said:


> Note : jasper also has alot of vulnerabilities.
> And to disable to vulnerabilities of samba i just do a "chmod a-x /usr/local/sbin/samba*"


Port  graphics/jasper was already updated a few days ago .


----------

