Bug 25675 - libvpx new security issues CVE-2019-9232, CVE-2019-9325, CVE-2019-9433
Summary: libvpx new security issues CVE-2019-9232, CVE-2019-9325, CVE-2019-9433
Status: RESOLVED INVALID
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: Cauldron
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Mageia Bug Squad
QA Contact: Sec team
URL:
Whiteboard: MGA7TOO
Keywords:
: 25775 (view as bug list)
Depends on:
Blocks:
 
Reported: 2019-11-09 15:14 CET by David Walser
Modified: 2019-11-28 16:27 CET (History)
2 users (show)

See Also:
Source RPM: libvpx-1.8.1-2.mga8.src.rpm
CVE:
Status comment:


Attachments

Description David Walser 2019-11-09 15:14:42 CET
Chromium has fixed issues in its bundled copy of libvpx:
https://www.openwall.com/lists/oss-security/2019/11/07/1

Links to the fixes are in the message above.
David Walser 2019-11-09 15:14:51 CET

Whiteboard: (none) => MGA7TOO

Comment 1 David Walser 2019-11-09 15:34:59 CET
The fixes are actually in Android, not Chromium.
Comment 2 Christiaan Welvaart 2019-11-09 15:54:41 CET
Looking at upstream git tags I get the following:

CVE-2019-9325
	included in libvpx v1.8.1 so fixed in cauldron
	included in libvpx v1.8.0 so fixed in mga7

CVE-2019-9232
	included in libvpx v1.8.1 so fixed in cauldron
	included in libvpx v1.8.0 so fixed in mga7

CVE-2019-9433
	included in libvpx v1.8.1 so fixed in cauldron
	included in libvpx v1.8.0 so fixed in mga7

CC: (none) => cjw

Comment 3 David Walser 2019-11-09 16:14:28 CET
Thanks!

Resolution: (none) => INVALID
Status: NEW => RESOLVED

Comment 4 David Walser 2019-11-28 16:27:46 CET
*** Bug 25775 has been marked as a duplicate of this bug. ***

CC: (none) => zombie.ryushu


Note You need to log in before you can comment on or make changes to this bug.