Bug#840338: libass: CVE-2016-7971: large allocation leading to crash
Salvatore Bonaccorso
carnil at debian.org
Thu Oct 27 08:41:41 UTC 2016
Hi,
On Wed, Oct 26, 2016 at 09:46:57PM +0200, Ola Lundqvist wrote:
> Hi
>
> I had a quick look at libass today regarding CVE-2016-7971.
>
> When I read the discussion thread about this issue it looks like the
> problem is not only disputed upstream, but actually disputed by the person
> reporting the issue. Or rather the person reporting the issue has carified
> that the problem is not in libass but rather in the application using
> libass.
>
> So if you do not mind I think we should both claim that the libass is not
> vulnerable and also close #840338.
>
> If I do not hear an objection about this I will do so.
I asked for clarification here:
http://www.openwall.com/lists/oss-security/2016/10/27/5
Regards,
Salvatore
More information about the pkg-multimedia-maintainers
mailing list