Bug#745301: libmms: CVE-2014-2892: heap-based buffer overflow
Sebastian Ramacher
sramacher at debian.org
Fri Apr 25 15:19:36 UTC 2014
On 2014-04-25 16:58:53, Moritz Muehlenhoff wrote:
> On Fri, Apr 25, 2014 at 04:41:36PM +0200, Sebastian Ramacher wrote:
> > On 2014-04-25 16:40:28, Sebastian Ramacher wrote:
> > > Hi Security Team,
> > >
> > > On 2014-04-20 11:59:23, Salvatore Bonaccorso wrote:
> > > > Source: libmms
> > > > Version: 0.6-1
> > > > Severity: grave
> > > > Tags: security upstream fixed-upstream
> > > >
> > > > Hi,
> > > >
> > > > the following vulnerability was published for libmms.
> > > >
> > > > CVE-2014-2892[0]:
> > > > heap-based buffer overflow
> > >
> > > Please find attached the debdiffs for squeeze and wheezy. Please let me know if
> > > it's okay to upload them to the squeeze-security and wheezy-security.
> >
> > And here are the patches.
>
> Please upload to security-master. Note that both updates need to be build with "-sa" since
> libmms is new in the security suites.
Built with -sa and uploaded.
Cheers
--
Sebastian Ramacher
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-multimedia-maintainers/attachments/20140425/2863ab0a/attachment.sig>
More information about the pkg-multimedia-maintainers
mailing list