Univention Bugzilla – Bug 50145
libebml: Multiple issues (4.4)
Last modified: 2019-09-11 15:25:39 CEST
New Debian libebml 1.3.4-1+deb9u1 fixes: This update addresses the following issue: * libebml before 1.3.6, as used in the MKV module in VideoLAN VLC Media Player binaries before 3.0.3, has a heap-based buffer over-read in EbmlElement::FindNextElement. (CVE-2019-13615)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/libebml_1.3.4-1.dsc +++ apt/ucs_4.4-0-errata4.4-1/source/libebml_1.3.4-1+deb9u1.dsc @@ -1,3 +1,8 @@ +1.3.4-1+deb9u1 [Sun, 11 Aug 2019 22:09:57 +0200] Sebastian Ramacher <sramacher@debian.org>: + + * debian/patches: Apply upstream fixes for heap-based buffer over-reads. + (CVE-2019-13615) (Closes: #932241) + 1.3.4-1 [Mon, 04 Jul 2016 22:42:46 +0200] Matteo F. Vescovi <mfv@debian.org>: * New upstream release <http://10.200.17.11/4.4-1/#7751664368566669688>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.4-1] 5c7917cbc5 Bug #50145: libebml 1.3.4-1+deb9u1 doc/errata/staging/libebml.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) [4.4-1] 60f9021692 Bug #50145: libebml 1.3.4-1+deb9u1 doc/errata/staging/libebml.yaml | 14 ++++++++++++++ 1 file changed, 14 insertions(+)
<http://errata.software-univention.de/ucs/4.4/258.html>