| Summary: | <media-video/rtmpdump-2.4_p20161210: multiple vulnerabilities | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | candrews, hwoarang, jlec |
| Priority: | Normal | Flags: | kensington:
sanity-check+
|
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://www.openwall.com/lists/oss-security/2015/12/30/1 | ||
| Whiteboard: | B2 [glsa] | ||
| Package list: |
=media-video/rtmpdump-2.4_p20161210
|
Runtime testing required: | --- |
This might be fixed as I see check in for the package (jlec), after the bug was announced. Can someone please confirm? PING - Maintainers do we have an update? Can maintainers please take a look at this bug and please provide an answer. Maintainers, please advice. If no comment then to assume package is not maintained. No Answer from maintainers in 11 Months. Package is assumed not maintained. Will ask on @dev mailing list if someone want to main package and start process for masking / removing from tree. this has lots of reverse deps... hence, we couldn't treeclean it easily :/ I will prepare a new snapshot (In reply to Markos Chandras from comment #7) > I will prepare a new snapshot I have committed rtmpdump-2.4_p20161210 @ Arches, please test and mark stable: =media-video/rtmpdump-2.4_p20161210 amd64 stable x86 stable ppc stable ppc64 stable Stable for HPPA. This was missed. Maintainer(s), please drop the vulnerable version(s). New GLSA Request Filed. This issue was resolved and addressed in GLSA 201702-02 at https://security.gentoo.org/glsa/201702-02 by GLSA coordinator Aaron Bauman (b-man). @maintainer(s), please clean the vulnerable version. Maintainers please drop the vulnerable version so we can close the bug. Maintainer(s), please drop the vulnerable version(s). |
From ${URL} : The git(git://git.ffmpeg.org/rtmpdump)log is: commit fa8646daeb19dfd12c181f7d19de708d623704c0 Author: Howard Chu <hyc@...hlandsun.com> Date: Wed Dec 23 18:58:50 2015 +0000 Fix issue 6-7/7 from LMX of Qihoo 360 Codesafe Team Additional decode input size checks commit 07c10ae612bf5c2dbea594dcbd4da85c54dba1e4 Author: Howard Chu <hyc@...hlandsun.com> Date: Wed Dec 23 18:28:13 2015 +0000 Fix issue 5/7 from LMX of Qihoo 360 Codesafe Team Ignore zero-length packets commit 7c68ad18f4296911114470bb4caaa673d55c8447 Author: Howard Chu <hyc@...hlandsun.com> Date: Wed Dec 23 18:10:15 2015 +0000 Fix issue 4/7 from LMX of Qihoo 360 Codesafe Team Potential integer overflow in RTMPPacket_Alloc(). commit f3042b5bb7dcb42eda32ad9dd88029b24a2c282b Author: Howard Chu <hyc@...hlandsun.com> Date: Wed Dec 23 17:53:34 2015 +0000 Fix issue 2/7 from LMX of Qihoo 360 Codesafe Team Obsolete RTMPPacket_Free() call left over from original C++ to C rewrite commit 71fe4f2435beaccca046dad3905840615b76b085 Author: Howard Chu <hyc@...hlandsun.com> Date: Wed Dec 23 17:51:39 2015 +0000 Fix issue 1/7 from LMX of Qihoo 360 Codesafe Team AMFProp_GetObject must make sure the prop is actually an object @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.