Bug#745301: libmms: CVE-2014-2892: heap-based buffer overflow
Moritz Muehlenhoff
jmm at inutil.org
Fri Apr 25 14:58:53 UTC 2014
On Fri, Apr 25, 2014 at 04:41:36PM +0200, Sebastian Ramacher wrote:
> On 2014-04-25 16:40:28, Sebastian Ramacher wrote:
> > Hi Security Team,
> >
> > On 2014-04-20 11:59:23, Salvatore Bonaccorso wrote:
> > > Source: libmms
> > > Version: 0.6-1
> > > Severity: grave
> > > Tags: security upstream fixed-upstream
> > >
> > > Hi,
> > >
> > > the following vulnerability was published for libmms.
> > >
> > > CVE-2014-2892[0]:
> > > heap-based buffer overflow
> >
> > Please find attached the debdiffs for squeeze and wheezy. Please let me know if
> > it's okay to upload them to the squeeze-security and wheezy-security.
>
> And here are the patches.
Please upload to security-master. Note that both updates need to be build with "-sa" since
libmms is new in the security suites.
Cheers,
Moritz
More information about the pkg-multimedia-maintainers
mailing list