Summary: | <media-plugins/live-2021.08.24: multiple vulnerabilities (CVE-2021-{38380,38381,38382,39282,39283}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | IN_PROGRESS --- | ||
Severity: | normal | CC: | media-video |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.09] | ||
Whiteboard: | B2 [glsa?] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 829391 | ||
Bug Blocks: |
Description
John Helmert III
2021-08-10 20:52:56 UTC
http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.13] CVE-2021-39282: Live555 through 1.08 has a memory leak in AC3AudioStreamParser for AC3 files. CVE-2021-39283: liveMedia/FramedSource.cpp in Live555 through 1.08 allows an assertion failure and application exit via multiple SETUP and PLAY commands. Now need bump to 2021.08.13. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ce2011ee53967755f627e809477b2435df673621 commit ce2011ee53967755f627e809477b2435df673621 Author: John Helmert III <ajak@gentoo.org> AuthorDate: 2021-10-17 16:07:16 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2021-10-17 16:08:23 +0000 media-plugins/live: add 2021.08.24 Bug: https://bugs.gentoo.org/807622 Signed-off-by: John Helmert III <ajak@gentoo.org> media-plugins/live/Manifest | 1 + media-plugins/live/live-2021.08.24.ebuild | 108 ++++++++++++++++++++++++++++++ 2 files changed, 109 insertions(+) commit db3c29d2f8eea9f1e6088aa3d5b17de779920929 Author: Matt Turner <mattst88@gentoo.org> Date: Sat Nov 12 12:28:53 2022 -0500 media-plugins/live: Drop old versions |