fdo-mirrors/pipewire
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/pipewire/pipewire.git synced 2026-05-19 18:58:09 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions
pipewire/src
History
Wim Taymans 80ec1f1d10 security: fix JSON injection in PulseAudio stream-restore 
The device_name from a client message was interpolated directly into
a JSON string without escaping. A malicious client could inject
arbitrary JSON keys by including quote characters in the device name.
Use spa_json_encode_string to properly escape the value.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-29 16:16:44 +02:00
..
daemon filter-chain: update virtual surround with convolver2 2026-04-21 17:03:55 +02:00
examples impl-node: accept more node.passive values 2026-03-12 17:25:36 +01:00
gst gst: fix crop height typo in pipewiresink do_send_buffer 2026-04-21 20:19:24 +01:00
modules security: fix JSON injection in PulseAudio stream-restore 2026-04-29 16:16:44 +02:00
pipewire impl-core: gate portal clients on stolen-fd reconnect 2026-04-29 12:31:57 +01:00
tests stream: return -EIO when doing get_time in != STREAMING 2026-02-12 12:26:33 +01:00
tools security: add missing NULL check after strdup in reserve 2026-04-29 11:35:31 +02:00
meson.build meson.build: fix compile with -Dexamples=disabled 2023-11-28 10:18:25 +00:00