Cisco found a security bug in libmatroska labeled TALOS-CAN-0037, but it is not yet available to the public at http://talosintel.com/vulnerability-reports/. The fix is in libmatroska 1.4.4 and in git; this might be the commit, I am not sure: https://github.com/Matroska-Org/libmatroska/commit/0a2d3e3644a7453b6513db2f9bc270f77943573f
Depends on: (none) => 17004
Thanks for the report. Update is checked into SVN. Hopefully we won't have to wait until 60 days after 10-08-2015 for details. I'd be interested to know how you found this info and if you know when we can expect any more details.
Summary: security issue in libmatroska => libmatroska new security issue TAOLS-CAN-0037
Depends on: 17004 => (none)
All of the security fixes are in libebml. Rolling everything into that bug. *** This bug has been marked as a duplicate of bug 17004 ***
Status: NEW => RESOLVED
Resolution: (none) => DUPLICATE
Summary: libmatroska new security issue TAOLS-CAN-0037 => libmatroska new bugfix release 1.4.4