Fix for CVE-2021-3185 in Ubuntu 20.10?

For Diagnostic open terminal [ctl+alt+t] : lsb_release -a; uname -a; python --version
CVE-2021-3185 : A flaw was found in the gstreamer h264 component of gst-plugins-bad before v1.18.1 where when parsing a h264 header, an attacker could cause the stack to be smashed, memory corruption and possibly code execution.
If you have this version which is the current version for 20.10 your OK, Prior versions before 1.2 are affected.
https://packages.ubuntu.com/groovy/gir1.2-gst-plugins-bad-1.0

see https://ubuntu.com/security/CVE-2021-3185
It seems that work is in progress.

@Bernard:
The version in groovy is 1.18.0-2ubuntu6 which is "before v1.18.1". I assume that the current version in groovy IS vulnerable.

Thanks, I stand corrected.

This is a Red Hat bug affecting Fedora OS. https://access.redhat.com/security/cve/CVE-2021-3185

The code in Ubuntu is identical.

I saw the status on https://ubuntu.com/security/CVE-2021-3185 and was just wondering wether groovy is going to get a fix for this.

I am currently using https://packages.ubuntu.com/groovy/gstreamer1.0-plugins-bad-apps (gstreamer1.0-plugins-bad-apps (1.18.0-2ubuntu6) ) on groovy (20.10). Will I have to wait for 21.04?

Kind regards
Johannes Rost

My personal guess is that the patch will be applied to all older relevant Ubuntu releases, but I cannot predict how fast that may happen.
If you see the bug as a threat, then you are free to build your personal version of the packages, e.g. in a PPA.

Another potential workaround: It might be possible to manually install the packages from Ubuntu 21.04 (hirsute) also on Ubuntu 20.10 (groovy). In a very quick look I did not see any broken dependencies (no warranty given).