Bug 17005

Summary: libmatroska new bugfix release 1.4.4
Product: Mageia Reporter: Götz Waschk <goetz.waschk>
Component: SecurityAssignee: Mageia Bug Squad <bugsquad>
Status: RESOLVED DUPLICATE QA Contact: Sec team <security>
Severity: normal    
Priority: Normal    
Version: 5   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: libmatroska-1.4.1-5.mga5.src.rpm CVE:
Status comment:

Description Götz Waschk 2015-10-24 13:02:02 CEST 
Cisco found a security bug in libmatroska labeled 
TALOS-CAN-0037, but not yet available to the public at http://talosintel.com/vulnerability-reports/

The fix is in libmatroska 1.4.4 and in git, this might be the commit, I am not sure:
https://github.com/Matroska-Org/libmatroska/commit/0a2d3e3644a7453b6513db2f9bc270f77943573f



Reproducible: 

Steps to Reproduce:
Götz Waschk 2015-10-24 13:02:23 CEST

Depends on: (none) => 17004

Comment 1 David Walser 2015-10-30 15:51:20 CET 
Thanks for the report.  Update is checked into SVN.  Hopefully we won't have to wait until 60 days after 10-08-2015 for details.  I'd be interested to know how you found this info and if you know when we can expect any more details.

Summary: security issue in libmatroska => libmatroska new security issue TAOLS-CAN-0037

David Walser 2015-11-02 22:34:22 CET

Depends on: 17004 => (none)

Comment 2 David Walser 2015-11-02 22:35:05 CET 
All of the security fixes are in libebml.  Rolling everything into that bug.

*** This bug has been marked as a duplicate of bug 17004 ***

Status: NEW => RESOLVED
Resolution: (none) => DUPLICATE
Summary: libmatroska new security issue TAOLS-CAN-0037 => libmatroska new bugfix release 1.4.4