gstrtspconnection: Security loophole making heap overflow
The former code allowed an attacker to create a heap overflow by sending a longer than allowed session id in a response and including a semicolon to change the maximum length. With this change, the parser will never go beyond 512 bytes.
Merge request reports
Activity
enabled an automatic merge when the pipeline for f6722775 succeeds
added Needs backport label
added 1.14 label
added Backported into 1.16 label and removed Needs backport label
Gitlab won't let me set milestone %1.15.90 on this because the original repo disappeared (looks like it was deleted and re-created).