FS#70039 - [libebml] [Security] arbitrary code execution (CVE-2021-3405)
Attached to Project:
Arch Linux
Opened by Jonas Witschel (diabonas) - Wednesday, 17 March 2021, 11:37 GMT
Last edited by Maxime Gauduin (Alucryd) - Thursday, 18 March 2021, 09:21 GMT
Opened by Jonas Witschel (diabonas) - Wednesday, 17 March 2021, 11:37 GMT
Last edited by Maxime Gauduin (Alucryd) - Thursday, 18 March 2021, 09:21 GMT
|
Details
Summary
======= The package libebml is vulnerable to arbitrary code execution via CVE-2021-3405. Guidance ======== Upgrading libebml to the latest version 1.4.2 (https://github.com/Matroska-Org/libebml/releases/tag/release-1.4.2) fixes the issue. References ========== https://security.archlinux.org/AVG-1554 https://bugzilla.redhat.com/show_bug.cgi?id=1926990 https://github.com/Matroska-Org/libebml/issues/74 https://github.com/Matroska-Org/libebml/pull/76 https://github.com/Matroska-Org/libebml/commit/3d3d2cff9b012059fa7cb536399b582cc796e04f |
This task depends upon
Closed by Maxime Gauduin (Alucryd)
Thursday, 18 March 2021, 09:21 GMT
Reason for closing: Fixed
Additional comments about closing: 1.4.2-1
Thursday, 18 March 2021, 09:21 GMT
Reason for closing: Fixed
Additional comments about closing: 1.4.2-1