FS#70074 - [mediainfo] [Security] arbitrary code execution (CVE-2020-26797)
Attached to Project:
Community Packages
Opened by Jonas Witschel (diabonas) - Friday, 19 March 2021, 11:43 GMT
Last edited by Johannes Löthberg (demize) - Saturday, 20 March 2021, 11:59 GMT
Opened by Jonas Witschel (diabonas) - Friday, 19 March 2021, 11:43 GMT
Last edited by Johannes Löthberg (demize) - Saturday, 20 March 2021, 11:59 GMT
|
Details
Summary
======= The package mediainfo is vulnerable to arbitrary code execution via CVE-2020-26797. Guidance ======== Applying commit 7bab1c3a043784be2c90f2e54a0e5a8d7263eead referenced below fixes the issue. References ========== https://security.archlinux.org/AVG-1706 https://sourceforge.net/p/mediainfo/bugs/1154/ https://github.com/MediaArea/MediaInfoLib/pull/1313 https://github.com/MediaArea/MediaInfoLib/commit/7bab1c3a043784be2c90f2e54a0e5a8d7263eead |
This task depends upon
Closed by Johannes Löthberg (demize)
Saturday, 20 March 2021, 11:59 GMT
Reason for closing: Fixed
Additional comments about closing: It's actually the libmediainfo package rather than the mediainfo package that this patch belongs to.
libmediainfo 20.09-2 is in community now.
Saturday, 20 March 2021, 11:59 GMT
Reason for closing: Fixed
Additional comments about closing: It's actually the libmediainfo package rather than the mediainfo package that this patch belongs to.
libmediainfo 20.09-2 is in community now.