Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#70074 - [mediainfo] [Security] arbitrary code execution (CVE-2020-26797)
Attached to Project:
Community Packages
Opened by Jonas Witschel (diabonas) - Friday, 19 March 2021, 11:43 GMT
Last edited by Johannes Löthberg (demize) - Saturday, 20 March 2021, 11:59 GMT
Summary
=======
The package mediainfo is vulnerable to arbitrary code execution via CVE-2020-26797.

Guidance
========
Applying commit 7bab1c3a043784be2c90f2e54a0e5a8d7263eead referenced below fixes the issue.

References
==========
https://security.archlinux.org/AVG-1706
https://sourceforge.net/p/mediainfo/bugs/1154/
https://github.com/MediaArea/MediaInfoLib/pull/1313
https://github.com/MediaArea/MediaInfoLib/commit/7bab1c3a043784be2c90f2e54a0e5a8d7263eead
Closed by Johannes Löthberg (demize)
Saturday, 20 March 2021, 11:59 GMT
Reason for closing: Fixed
Additional comments about closing: It's actually the libmediainfo package rather than the mediainfo package that this patch belongs to.
libmediainfo 20.09-2 is in community now.