On Thu, 2015-09-03 at 14:49 +0200, Alessandro Ghedini wrote:
> Source: libvdpau
> Severity: important
> Tags: security, fixed-upstream
>
> Hi,
>
> the following vulnerabilities were published for libvdpau.
>
> CVE-2015-5198[0]:
> incorrect check for security transition
>
> CVE-2015-5199[1]:
> directory traversal in dlopen
>
> CVE-2015-5200[2]:
> vulnerability in trace functionality
>
> All of them are fixed by the patch [3], shipped in the 1.1.1 upstream
> release.
>
> If you fix the vulnerabilities please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

Hello Alessandro,

Thanks for the heads-up!

Vincent, Andreas, I have updated the libvdpau git repo with the new release [1]. I have tested the amd64 and i386 packages in Jessie, and they seem to work just fine with vdpauinfo and VLC. Could you please review and do a new upload, when you have time? Thanks!

Tomorrow I'll look into backporting the fix to Wheezy and Squeeze.

Kind regards,
Luca Boccassi

[1] https://anonscm.debian.org/cgit/pkg-nvidia/libvdpau.git