)]}' { "commit": "a6f8cbfb6e8e1764b397dbcd08888c54b426bdf2", "tree": "a94b65bb3ce6cb4f8c2552e9b41e8adf63617c1f", "parents": [ "384ff7d0268c71e76f7328a9ca6dfe96e4a3ab23" ], "author": { "name": "Tobias Ronge", "email": "tobiasr@axis.com", "time": "Thu Mar 14 10:12:27 2019 +0100" }, "committer": { "name": "Jonas Larsson", "email": "ljonas@google.com", "time": "Tue Nov 17 12:35:52 2020 -0800" }, "message": "gstrtspconnection: Security loophole making heap overflow\n\nThe former code allowed an attacker to create a heap overflow by\nsending a longer than allowed session id in a response and including a\nsemicolon to change the maximum length. With this change, the parser\nwill never go beyond 512 bytes.\n", "tree_diff": [ { "type": "modify", "old_id": "76ae7d439ed008c45abc81b7f156deb2c070d838", "old_mode": 33188, "old_path": "gst-libs/gst/rtsp/gstrtspconnection.c", "new_id": "81239dce6aed9caf5c2b7f9efa65f725a0fe6d2e", "new_mode": 33188, "new_path": "gst-libs/gst/rtsp/gstrtspconnection.c" } ] }