Bug 17005 - libmatroska new bugfix release 1.4.4
Summary: libmatroska new bugfix release 1.4.4
Status: RESOLVED DUPLICATE of bug 17004
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 5
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Mageia Bug Squad
QA Contact: Sec team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-10-24 13:02 CEST by Götz Waschk
Modified: 2015-11-02 22:35 CET (History)
0 users

See Also:
Source RPM: libmatroska-1.4.1-5.mga5.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Götz Waschk 2015-10-24 13:02:02 CEST 
Cisco found a security bug in libmatroska labeled 
TALOS-CAN-0037, but not yet available to the public at http://talosintel.com/vulnerability-reports/

The fix is in libmatroska 1.4.4 and in git, this might be the commit, I am not sure:
https://github.com/Matroska-Org/libmatroska/commit/0a2d3e3644a7453b6513db2f9bc270f77943573f



Reproducible: 

Steps to Reproduce:
Götz Waschk 2015-10-24 13:02:23 CEST

Depends on: (none) => 17004

Comment 1 David Walser 2015-10-30 15:51:20 CET 
Thanks for the report.  Update is checked into SVN.  Hopefully we won't have to wait until 60 days after 10-08-2015 for details.  I'd be interested to know how you found this info and if you know when we can expect any more details.

Summary: security issue in libmatroska => libmatroska new security issue TAOLS-CAN-0037

David Walser 2015-11-02 22:34:22 CET

Depends on: 17004 => (none)

Comment 2 David Walser 2015-11-02 22:35:05 CET 
All of the security fixes are in libebml.  Rolling everything into that bug.

*** This bug has been marked as a duplicate of bug 17004 ***

Status: NEW => RESOLVED
Resolution: (none) => DUPLICATE
Summary: libmatroska new security issue TAOLS-CAN-0037 => libmatroska new bugfix release 1.4.4
Note You need to log in before you can comment on or make changes to this bug.