Univention Bugzilla – Bug 44681
rtmpdump: Multiple issues (4.2)
Last modified: 2017-06-28 15:33:38 CEST
+++ This bug was initially created as a clone of Bug #44572 +++ Upstream Debian package version 2.4+20150115.gita107cef-1+deb8u1 fixes: * The AMF3ReadString function in amf.c in RTMPDump 2.4 allows remote RTMP Media servers to cause a denial of service (invalid pointer dereference and process crash). (CVE-2015-8270) * The AMF3CD_AddProp function in amf.c in RTMPDump 2.4 allows remote RTMP Media servers to execute arbitrary code. (CVE-2015-8271) * RTMPDump 2.4 allows remote attackers to trigger a denial of service (NULL pointer dereference and process crash). (CVE-2015-8272)
QA: piuparts -D debian --keep-sources-list -b /var/univention/buildsystem2/pbuilder/ucs_4.2-0-errata4.2-0_amd64.tgz -d --bindmount=/var/univention/buildsystem2/apt/ucs_4.2-0-errata4.2-0 /var/univention/buildsystem2/apt/ucs_4.2-0-errata4.2-0/amd64/rtmpdump_2.4+20150115.gita107cef-1+deb8u1_amd64.deb
* Package imported and built in errata4.2-0 * I've moved and updated the advisory to errata4.2-1 * Advisory content ok * Package update ok (checked with librtmp1 and rtmpdump)
<http://errata.software-univention.de/ucs/4.2/62.html>