Source: mp4v2
Version: 2.0.0~dfsg0-1
Severity: important
Tags: security upstream
Hi,
the following vulnerability was published for mp4v2.
CVE-2018-7339[0]:
| The MP4Atom class in mp4atom.cpp in MP4v2 through 2.0.0 mishandles
| Entry Number validation for the MP4 Table Property, which allows
Source: gpac
Version: 0.5.2-426-gc5ad4e4+dfsg5-3
Severity: important
Tags: patch security upstream
Forwarded: https://github.com/gpac/gpac/issues/997
Hi,
the following vulnerability was published for gpac.
CVE-2018-7752[0]:
| GPAC through 0.7.1 has a Buffer Overflow in the gf_media_avc_read_sps
Hi Fabian,
On Fri, Feb 09, 2018 at 08:26:10AM +0100, Fabian Greffrath wrote:
> tags 889915 +security +jessie
> thanks
>
> Forwarding this to the security team.
The current issues which were fixed in DLA-1077-1 are all no-dsa, so
they did not warrant a DSA via security.d.o. Can you fix those
Source: mpv
Version: 0.23.0-1
Severity: grave
Tags: security upstream
Forwarded: https://github.com/mpv-player/mpv/issues/5456
Hi,
the following vulnerability was published for mpv.
CVE-2018-6360[0]:
| mpv through 0.28.0 allows remote attackers to execute arbitrary code
| via a crafted web
Hi James,
On Sat, Jan 27, 2018 at 10:19:19AM +, James Cowgill wrote:
> Hi,
>
> On 26/01/18 17:53, Moritz Mühlenhoff wrote:
> > On Fri, Jan 26, 2018 at 05:13:54PM +, James Cowgill wrote:
> >> Hi,
> >>
> >> I've pushed ffmpeg 3.2.10 here:
> >>
Source: libsndfile
Version: 1.0.28-4
Severity: important
Tags: security upstream
Forwarded: https://github.com/erikd/libsndfile/issues/344
Hi,
the following vulnerabilities were published for libsndfile.
CVE-2017-17456[0]:
| The function d2alaw_array() in alaw.c of libsndfile 1.0.29pre1 may
Control: reassign -1 src:aubio 0.4.5-1
Hi Carl,
On Tue, Dec 12, 2017 at 11:20:42PM +0100, Carl Eugen Hoyos wrote:
> This is not a bug in FFmpeg:
> aubio initializes libswresample with 2 channels and then passes data
> that contains just one channel.
>
> That can't really work or how
Source: ffmpeg
Version: 7:3.4-4
Severity: normal
Tags: security upstream
Control: found -1 7:3.4.1-1
Hi,
the following vulnerability was published for ffmpeg.
CVE-2017-17555[0]:
| The swri_audio_convert function in audioconvert.c in FFmpeg
| libswresample through 3.0.101, as used in FFmpeg
Hi
On Mon, Sep 25, 2017 at 10:24:01PM +0200, Salvatore Bonaccorso wrote:
> Forwarded: https://github.com/erikd/libsndfile/issues/318
Upstream fix:
https://github.com/erikd/libsndfile/commit/85c877d5072866aadbe8ed0c3e0590fbb5e16788
Regards,
Salvat
Source: sox
Source-Version: 14.4.2-1
Hi Jaromir,
On Sun, Nov 19, 2017 at 10:23:01PM +0100, Jaromír Mikeš wrote:
> 2017-11-19 21:11 GMT+01:00 Salvatore Bonaccorso <car...@debian.org>:
>
> > Control: reopen -1
> > Control: found -1 14.4.1-5
> > Control: found -1
Source: libsndfile
Version: 1.0.28-4
Severity: normal
Tags: upstream security
Forwarded: https://github.com/erikd/libsndfile/issues/318
Control: found -1 1.0.25-9.1
Hi,
the following vulnerability was published for libsndfile.
CVE-2017-14634[0]:
| In libsndfile 1.0.28, a divide-by-zero error
On Wed, Aug 30, 2017 at 04:34:44PM +0200, Salvatore Bonaccorso wrote:
> Hi
>
> All, but not CVE-2017-12951 are probably fixed already with the
> 4.0.0-4 upload to unstable today.
Might actually just uncover another problem after the fix.
Regard
Hi
All, but not CVE-2017-12951 are probably fixed already with the
4.0.0-4 upload to unstable today.
Regards,
Salvatore
___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
Hi
On Sat, Aug 12, 2017 at 01:52:43PM -0400, Ondrej Novy wrote:
> Hi,
>
> we are already using:
>
> --size-limit=16384x16384
Yupp, I know that, I added that comment to the tracker. It's not clear
to me if we need to limit it quite further. The android approach is to
limit it to 4k frames. Mabe
Source: libvpx
Version: 1.6.1-3
Severity: important
Tags: security upstream
Hi,
the following vulnerability was published for libvpx.
CVE-2017-0641[0]:
| A remote denial of service vulnerability in libvpx in Mediaserver
| could enable an attacker to use a specially crafted file to cause a
|
Control: notfound -1 3.99.5+repack1-7
Control: found -1 3.99.5+repack1-3
Control: fixed -1 3.99.5+repack1-3+deb7u1
Control: fixed -1 3.99.5+repack1-6
Hi
On Tue, Aug 08, 2017 at 03:53:35PM -0400, Hugo Lefeuvre wrote:
> Hi,
>
> This bug is a duplicate of #777159, which is already fixed in all
Source: soundtouch
Version: 1.9.2-2
Severity: important
Tags: security upstream
Hi,
the following vulnerability was published for soundtouch.
CVE-2017-9259[0]:
| The TDStretch::acceptNewOverlapLength function in
| source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote
| attackers to
Source: soundtouch
Version: 1.9.2-2
Severity: important
Tags: upstream security
Hi,
the following vulnerability was published for soundtouch.
CVE-2017-9260[0]:
| The TDStretchSSE::calcCrossCorr function in
| source/SoundTouch/sse_optimized.cpp in SoundTouch 1.9.2 allows remote
| attackers to
Source: soundtouch
Version: 1.9.2-2
Severity: important
Tags: security upstream
Hi,
the following vulnerability was published for soundtouch. There is as
well CVE-2017-9259 and CVE-2017-9260, but since I have not verified if
the issues are all common back to jessie, fill individual bugs. OTOH
I
Source: lame
Version: 3.99.5+repack1-7
Severity: important
Tags: security upstream
Forwarded: https://sourceforge.net/p/lame/bugs/460/
Hi,
the following vulnerability was published for lame.
CVE-2017-11720[0]:
| There is a division-by-zero vulnerability in LAME 3.99.5, caused by a
| malformed
Source: mpg123
Version: 1.23.8-1
Severity: important
Tags: security upstream
Hi,
the following vulnerability was published for mpg123.
CVE-2017-9545[0]:
| The next_text function in src/libmpg123/id3.c in mpg123 1.24.0 allows
| remote attackers to cause a denial of service (buffer over-read) via
Control: tags -1 + patch
On Sun, Jul 02, 2017 at 11:12:36AM +0200, Salvatore Bonaccorso wrote:
> Source: mpg123
> Version: 1.25.0-1
> Severity: important
> Tags: upstream security
>
> Hi,
>
> the following vulnerability was published for mpg123.
>
> CVE-2017-
Source: mpg123
Version: 1.25.0-1
Severity: important
Tags: upstream security
Hi,
the following vulnerability was published for mpg123.
CVE-2017-10683[0]:
| In mpg123 1.25.0, there is a heap-based buffer over-read in the
| convert_latin1 function in libmpg123/id3.c. A crafted input will lead
|
Source: faac
Version: 1.28+cvs20151130-1
Severity: important
Tags: security upstream
Hi,
the following vulnerabilities were published for faac.
CVE-2017-9129[0]:
| The wav_open_read function in frontend/input.c in Freeware Advanced
| Audio Coder (FAAC) 1.28 allows remote attackers to cause a
Control: retitle -1 kodi: CVE-2017-8314: malicious subtitle zip files
vulnerability
Control: tags -1 + upstream security
On Wed, May 24, 2017 at 09:35:29AM +0200, Jonatan Nyberg wrote:
> Package: kodi
> severity: important
>
> Dear Maintainer,
>
> Kodi 17.2 have an important fix for the
On Mon, Mar 13, 2017 at 07:59:34PM +0100, Moritz Muehlenhoff wrote:
> Source: audiofile
> Severity: grave
> Tags: security
>
> Hi,
> please see these security tracker entries for details, which
> have all the links to the reports, github issues and patches:
>
>
Control: notfound -1 0.13.4-1
Hi
On Tue, Nov 01, 2016 at 08:13:56PM +0100, Salvatore Bonaccorso wrote:
> Control: severity -1 minor
>
> After feedback from MITRE marked it as unimportant, and lowering the
> severity. Reasoning in
> http://www.openwall.com/lists/oss-securit
Source: kodi
Severity: important
Tags: upstream security
Forwarded: http://trac.kodi.tv/ticket/17314
Hi,
the following vulnerability was published for kodi. I did not have the
time to verify if 17.0 is affected. Could you please check and add
according found versions to this bug please or
Source: libquicktime
Version: 2:1.2.4-7
Severity: important
Tags: security upstream
Hi,
the following vulnerability was published for libquicktime.
CVE-2016-2399[0]:
| Integer overflow in the quicktime_read_pascal function in libquicktime
| 1.2.4 and earlier allows remote attackers to cause a
Source: wavpack
Version: 5.0.0-1
Severity: important
Tags: security upstream patch fixed-upstream
Hi,
the following vulnerabilities were published for wavpack.
CVE-2016-10169[0]:
global buffer overread in read_code / read_words.c
CVE-2016-10170[1]:
heap out of bounds read in WriteCaffHeader /
Hi Sebastian,
On Fri, Dec 09, 2016 at 11:28:53AM +0100, Sebastian Ramacher wrote:
> On 2016-12-09 10:16:25, James Cowgill wrote:
> > Hi,
> >
> > On 09/12/16 09:27, Uwe Kleine-König wrote:
> > > Hello,
> > >
> > > there are two source packages (in sid, found via codesearch.d.n) that
> > >
Control: severity -1 minor
After feedback from MITRE marked it as unimportant, and lowering the
severity. Reasoning in
http://www.openwall.com/lists/oss-security/2016/11/01/10
Regards,
Salvatore
Hi,
On Wed, Oct 26, 2016 at 09:46:57PM +0200, Ola Lundqvist wrote:
> Hi
>
> I had a quick look at libass today regarding CVE-2016-7971.
>
> When I read the discussion thread about this issue it looks like the
> problem is not only disputed upstream, but actually disputed by the person
>
Source: ffmpeg
Version: 7:3.1.3-2
Severity: grave
Tags: security upstream patch fixed-upstream
Hi,
the following vulnerabilities were published for ffmpeg.
CVE-2016-7122[0], CVE-2016-7450[1], CVE-2016-7502[2],
CVE-2016-7555[3], CVE-2016-7562[4], CVE-2016-7785[5],
CVE-2016-7905[6].
The upstream
Source: libass
Version: 0.13.4-1
Severity: normal
Tags: security upstream
Hi,
the following vulnerability was published for libass. This is to help
tracking the issue in the BTS. This CVE is for the issue which
remained unfixed in the recent upstream version, and so far has no
good solution at
Hi Thomas,
On Fri, Sep 30, 2016 at 08:05:14AM +0200, Thomas Orgis wrote:
> Am Thu, 29 Sep 2016 01:20:05 +0200
> schrieb Thomas Orgis :
>
> > Still nothing. I don't expect anything to arrive anymore. Perhaps that
> > Google Docs form was a joke anyway. So, please let's
Hi,
On Sun, May 29, 2016 at 10:10:20PM -0400, Reinhard Tartler wrote:
> Also note that https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5108
> doesn't provide any useful information about this issue. Is that issue also
> known by a different identifier?
MITRE has just not yet updated
Hi,
On Tue, Jun 14, 2016 at 03:00:08PM +0100, James Cowgill wrote:
> On Tue, 2016-06-14 at 15:43 +0200, Petter Reinholdtsen wrote:
> > [James Cowgill]
> > > I can fix it right now in Debian (along with a few other things). Hold
> > > on a moment...
> >
> > Very good. Via the upstream github
Source: vlc
Version: 2.2.3-1
Severity: important
Tags: security upstream patch
Hi,
the following vulnerability was published for vlc.
CVE-2016-5108[0]:
crash and potential code execution when processing QuickTime IMA files
If you fix the vulnerability please also make sure to include the
CVE
Source: mplayer
Version: 2:1.0~rc4.dfsg1+svn34540-1
Severity: important
Tags: security upstream fixed-upstream
Forwarded: https://trac.mplayerhq.hu/ticket/2295
Control: found -1 2:1.3.0-1
Hi,
the following vulnerability was published for mplayer.
CVE-2016-4352[0]:
Mplayer/Mencoder integer
Hi Andreas,
On Sat, Nov 28, 2015 at 11:34:57AM +0100, Andreas Cadhalpun wrote:
> Control: tag -1 pending
>
> Hi Salvatore,
>
> On 28.11.2015 11:28, Salvatore Bonaccorso wrote:
> > the following vulnerabilities were published for ffmpeg.
> >
> > CVE-2015-8363[
Source: vlc
Version: 2.2.0~rc2-2
Severity: grave
Tags: security upstream patch fixed-upstream
Justification: user security hole
Control: fixed -1 2.2.0~rc2-2+deb8u1
Hi,
the following vulnerability was published for vlc.
CVE-2015-5949[0]:
No description was found (try on a search engine)
If you
clone 786688 -1
reassign -1 src:kodi
found -1 14.2+dfsg1-1
retitle -1 kodi: CVE-2015-3885
thanks
in the handling of the XAUTHORITY env variable
+(CVE-2015-2831) (Closes: #781806)
+ * Remove duplicate check for temp[i] == '\0' in das_watchdog.c
+ * Fix infinite loop on platforms where char is unsigned
+
+ -- Salvatore Bonaccorso car...@debian.org Fri, 10 Apr 2015 22:19:18 +0200
+
das-watchdog
Hi!
On Tue, Jan 20, 2015 at 09:47:26PM +0100, Yves-Alexis Perez wrote:
CVEs should follow soon. Also, I guess Wheezy and Jessie are affected too, so
a DSA might be needed.
They were assigned now:
http://www.openwall.com/lists/oss-security/2015/01/20/11
Regards,
Salvatore
Hi,
CVE-2014-3800 was assigned now for the issue that mode 0644 is used
for the file containing the password, see [1].
[1] http://www.openwall.com/lists/oss-security/2014/05/20/5
Regards,
Salvatore
Source: libmms
Version: 0.6-1
Severity: grave
Tags: security upstream fixed-upstream
Hi,
the following vulnerability was published for libmms.
CVE-2014-2892[0]:
heap-based buffer overflow
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities Exposures)
Control: retitle -1 cantata: Information disclosure (CVE-2013-7300
CVE-2013-7301)
Hi
On Mon, Jan 20, 2014 at 12:34:45PM +0100, Moritz Muehlenhoff wrote:
Package: cantata
Severity: grave
Tags: security
Justification: user security hole
Hi,
the following was reported on oss-security:
Hi
On Thu, Jun 21, 2012 at 09:54:15PM +0100, Steven Chamberlain wrote:
# the fix for this seems finalised in VCS
tags 672030 + patch
I tried to build beast in current state of the git repository, it
succeeds at least at the previous part but now the package FTBFS later
on (build segfaults).
Hi
Are there any news on this?
Bests
Salvatore