FS#68042 - [libass][security] buffer overflow
Attached to Project: Arch Linux
Opened by T.J. Townsend (blakkheim) - Tuesday, 29 September 2020, 18:59 GMT
Last edited by Maxime Gauduin (Alucryd) - Tuesday, 27 October 2020, 13:29 GMT
Details
Description:
The libass package is currently vulnerable to a buffer overflow bug. Upstream has not made a new release since 2017. Switching to a git clone with the fix(es) may be needed.

Additional info:
https://github.com/libass/libass/issues/431
https://github.com/libass/libass/pull/432
https://github.com/libass/libass/commit/dfb0d9c8afecf5d27b571113d1d48dc993a3760f
Closed by Maxime Gauduin (Alucryd)
Tuesday, 27 October 2020, 13:29 GMT
Reason for closing: Fixed
Additional comments about closing: 0.15.0
I'm unsure whether pkgrel needs a bump when the version is appended with git stuff, so feel free to change that line if not.
It passes a build test here.
The fix [2] applies cleanly to it but has not been merged. Do any of the packages depending on it need patches for compatibility?
For instance, the srt update broke building ffmpeg and vlc, and aegisub is still broken from the ffms2 update.
[1] https://github.com/libass/libass/commit/e5140624ff739c3157929bc5e1a1007cdc9cdaa8
[2] https://github.com/libass/libass/commit/dfb0d9c8afecf5d27b571113d1d48dc993a3760f