Summary: | <media-plugins/live-2021.05.22: Buffer overflow in handling of RTSP play command (CVE-2020-24027) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | IN_PROGRESS --- | ||
Severity: | minor | CC: | media-video |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.live555.com/liveMedia/public/changelog.txt | ||
Whiteboard: | B3 [glsa?] | ||
Package list: |
media-video/vlc-3.0.14-r6 amd64 arm64 ppc ppc64 x86
media-plugins/live-2021.05.22
|
Runtime testing required: | --- |
Bug Depends on: | 795798 | ||
Bug Blocks: |
Description
Sam James
2020-07-14 19:52:37 UTC
Please bump to 2020.07.09. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8e14ff1a018a8d131838439a52a4849f675aaa6a commit 8e14ff1a018a8d131838439a52a4849f675aaa6a Author: John Helmert III <ajak@gentoo.org> AuthorDate: 2021-06-12 18:34:01 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2021-06-12 18:43:42 +0000 media-plugins/live: add 2021.05.22 Bug: https://bugs.gentoo.org/732598 Signed-off-by: John Helmert III <ajak@gentoo.org> media-plugins/live/Manifest | 1 + media-plugins/live/live-2021.05.22.ebuild | 108 ++++++++++++++++++++++++++++++ 2 files changed, 109 insertions(+) Let's give it some time in unstable just in case. Need to stable VLC too due to media-plugins/live version restrictions thanks to bug 797436 Unable to check for sanity:
> no match for package: media-video/vlc-3.0.14-r2
Unable to check for sanity:
> no match for package: media-video/vlc-3.0.14-r4
amd64 done arm done arm64 done ppc stable ppc64 stable x86 stable. Maintainer(s), please cleanup. Security, please vote. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f17ed73482dc8b6a9cf94ef480a35cf40eb5909d commit f17ed73482dc8b6a9cf94ef480a35cf40eb5909d Author: John Helmert III <ajak@gentoo.org> AuthorDate: 2021-08-26 21:52:50 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2021-08-26 21:53:04 +0000 media-plugins/live: drop 2020.05.15 Bug: https://bugs.gentoo.org/732598 Signed-off-by: John Helmert III <ajak@gentoo.org> media-plugins/live/Manifest | 1 - media-plugins/live/live-2020.05.15.ebuild | 108 ------------------------------ 2 files changed, 109 deletions(-) Unable to check for sanity:
> no match for package: media-video/vlc-3.0.14-r6
|