FS#40995 - [gst-libav] CVE-2014-4609 integer overflow / remote code execution via bundled lzo implementation
Attached to Project:
Arch Linux
Opened by Daniel Micay (thestinger) - Friday, 27 June 2014, 03:34 GMT
Last edited by Jan Alexander Steffens (heftig) - Saturday, 28 June 2014, 15:37 GMT
Opened by Daniel Micay (thestinger) - Friday, 27 June 2014, 03:34 GMT
Last edited by Jan Alexander Steffens (heftig) - Saturday, 28 June 2014, 15:37 GMT
|
Details
This is a vulnerability in libav (and other projects), so it
impacts the LZO code that's included in gst-libav.
http://www.openwall.com/lists/oss-security/2014/06/26/22 Background: http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html |
This task depends upon
Closed by Jan Alexander Steffens (heftig)
Saturday, 28 June 2014, 15:37 GMT
Reason for closing: Fixed
Additional comments about closing: gst-libav 1.2.4-2 updated to libav 9.14
Saturday, 28 June 2014, 15:37 GMT
Reason for closing: Fixed
Additional comments about closing: gst-libav 1.2.4-2 updated to libav 9.14
http://fastcompression.blogspot.fr/2014/06/lets-move-on.html