[Secure-testing-team] Bug#765435: libvpx: Out-of-bounds write with WebM video [CVE-2014-1578]
Yves-Alexis Perez
corsac at debian.org
Wed Oct 15 06:09:53 UTC 2014
Source: libvpx
Version: 1.3.0-2.1
Severity: grave
Tags: security patch
Justification: user security hole
Hi,
an out of bound write vulnerability in libvpx has been fixed in a recent Mozilla
advisory [1], and a patch is also provided [2].
Can you prepare an update for unstable and push it asap?
Also, I'm unsure if the vulnerability affects stable, so it might be
worth checking there too (and coordinate with us for an upload).
If you fix the vulnerability, please add the CVE reference
(CVE-2014-1578) to the changelog.
[1]: https://www.mozilla.org/security/announce/2014/mfsa2014-77.html
[2]: https://hg.mozilla.org/releases/mozilla-esr31/rev/6023f0b4f8ba
Thanks in advance,
--
Yves-Alexis Perez - Debian security team
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (450, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
More information about the Secure-testing-team
mailing list