CVE-2021-38380 (http://lists.live555.com/pipermail/live-devel/2021-August/021954.html): Live555 through 1.08 mishandles huge requests for the same MP3 stream, leading to recursion and a stack-based buffer over-read. An attacker can leverage this to launch a DoS attack.

CVE-2021-38381 (http://lists.live555.com/pipermail/live-devel/2021-August/021961.html): Live555 through 1.08 does not handle MPEG-1 or 2 files properly. Sending two successive RTSP SETUP commands for the same track causes a Use-After-Free and daemon crash.

CVE-2021-38382 (http://lists.live555.com/pipermail/live-devel/2021-August/021959.html): Live555 through 1.08 does not handle Matroska and Ogg files properly. Sending two successive RTSP SETUP commands for the same track causes a Use-After-Free and daemon crash.

Fixes seem to be in 2021.08.09, please bump.
http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.13]

CVE-2021-39282: Live555 through 1.08 has a memory leak in AC3AudioStreamParser for AC3 files.

CVE-2021-39283: liveMedia/FramedSource.cpp in Live555 through 1.08 allows an assertion failure and application exit via multiple SETUP and PLAY commands.

Now need bump to 2021.08.13.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ce2011ee53967755f627e809477b2435df673621

commit ce2011ee53967755f627e809477b2435df673621
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2021-10-17 16:07:16 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2021-10-17 16:08:23 +0000

    media-plugins/live: add 2021.08.24

    Bug: https://bugs.gentoo.org/807622
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 media-plugins/live/Manifest               |   1 +
 media-plugins/live/live-2021.08.24.ebuild | 108 ++++++++++++++++++++++++++++++
 2 files changed, 109 insertions(+)
commit db3c29d2f8eea9f1e6088aa3d5b17de779920929
Author: Matt Turner <mattst88@gentoo.org>
Date:   Sat Nov 12 12:28:53 2022 -0500

    media-plugins/live: Drop old versions
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=f8b1b6a35303555751a0d0e9f7ce20884e9c4145

commit f8b1b6a35303555751a0d0e9f7ce20884e9c4145
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-07-09 13:09:03 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-07-09 13:09:28 +0000

    [ GLSA 202407-23 ] LIVE555 Media Server: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/732598
    Bug: https://bugs.gentoo.org/807622
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202407-23.xml | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)