| Summary: | <media-libs/libmms-0.6.4: MMSH Server Response Parsing Buffer Overflow Vulnerability (CVE-2014-2892) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | media-video |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://secunia.com/advisories/57875/ | | |
| Whiteboard: | B2 [glsa cve] | | |
| Package list: | | Runtime testing required: | --- |

Description
Agostino Sarubbo
2014-04-16 12:34:08 UTC
media-libs/libmms-0.6.4 is in the tree. It should be ok to test/stabilize right away.

CVE-2014-2892 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2892): Heap-based buffer overflow in the get_answer function in mmsh.c in libmms before 0.6.4 allows remote attackers to execute arbitrary code via a long line in an MMS over HTTP (MMSH) server response.

@arches, please stabilize: media-libs/libmms-0.6.4

amd64 stable

Stable for HPPA PPC64.

ppc stable

x86 stable

Stable on alpha.

sparc stable.

Maintainer(s), please cleanup.

@maintainer(s), please clean the vulnerable versions.

This issue was resolved and addressed in GLSA 201612-29 at https://security.gentoo.org/glsa/201612-29 by GLSA coordinator Kristian Fiskerstrand (K_F).