+++ This bug was initially created as a clone of Bug #28278 +++

https://bugs.mageia.org/show_bug.cgi?id=28278#c11
https://bugs.mageia.org/show_bug.cgi?id=28278#c12

1.4.2, which we're updating to here, also fixes a heap overflow (CVE-2021-3405):
https://www.debian.org/lts/security/2021/dla-2629

Fedora has issued an advisory for this on March 8:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JNHQI6MDOECJ2HT5GCLEX2DMJFEOWPW7/

We updated Mageia 7 to 1.4.2, but somehow the update failed to make it into Mageia 8.

libebml5-1.4.2-1.mga8
libebml-devel-1.4.2-1.mga8

from libebml-1.4.2-1.mga8.src.rpm

Assignee: mageia => qa-bugs
CC: (none) => mageia
VLC working fine with the updated lib64ebml5 package.
Whiteboard: (none) => MGA8-64-OK
Validating.
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update

Advisory:
========================

A flaw was found in libebml before 1.4.2. A heap overflow bug exists in the implementation of EbmlString::ReadData and EbmlUnicodeString::ReadData in libebml (CVE-2021-3405).

References:
- https://bugs.mageia.org/show_bug.cgi?id=29222
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3405
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JNHQI6MDOECJ2HT5GCLEX2DMJFEOWPW7/
- https://www.debian.org/lts/security/2021/dla-2629
========================

Updated packages in core/updates_testing:
========================
libebml5-1.4.2-1.mga8
libebml-devel-1.4.2-1.mga8

from libebml-1.4.2-1.mga8.src.rpm

Keywords: (none) => advisory
CC: (none) => ouaurelien
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0338.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED