Summary: | <media-libs/libmatroska-1.4.4: Out-of-bounds heap read in KaxInternalBlock::ReadData() (CVE-2015-8792) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | media-video |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1276335 | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2015-10-29 14:35:44 UTC
already fixed in 1.4.4 I think, which is good to go stable

Arches, please test and mark stable:
=media-libs/libmatroska-1.4.4
Target keywords: "alpha amd64 arm ia64 ppc ppc64 sparc x86"

amd64 stable

x86 stable

Stable for PPC64.

Stable on alpha.

ppc stable

sparc stable

arm stable

ia64 stable. Maintainer(s), please cleanup. Security, please vote.

Arches, Thank you for your work.
GLSA Vote: No

Maintainer(s), please drop the vulnerable version(s).

Maintainer(s), please drop the vulnerable version(s).

Maintainer(s), please drop the vulnerable version(s).

CVE-2015-8792 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8792):
The KaxInternalBlock::ReadData function in libMatroska before 1.4.4 allows context-dependent attackers to obtain sensitive information from process heap memory via crafted EBML lacing, which triggers an invalid memory access.

Maintainer timeout.. cleanup complete: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=14735d715a5a582e2723a810c371281e8dd085ff