Bug#840338: libass: CVE-2016-7971: large allocation leading to crash

Salvatore Bonaccorso carnil at debian.org
Thu Oct 27 08:41:41 UTC 2016


Hi,

On Wed, Oct 26, 2016 at 09:46:57PM +0200, Ola Lundqvist wrote:
> Hi
> 
> I had a quick look at libass today regarding CVE-2016-7971.
> 
> When I read the discussion thread about this issue it looks like the
> problem is not only disputed upstream, but actually disputed by the person
> reporting the issue. Or rather the person reporting the issue has carified
> that the problem is not in libass but rather in the application using
> libass.
> 
> So if you do not mind I think we should both claim that the libass is not
> vulnerable and also close #840338.
> 
> If I do not hear an objection about this I will do so.

I asked for clarification here:

http://www.openwall.com/lists/oss-security/2016/10/27/5

Regards,
Salvatore



More information about the pkg-multimedia-maintainers mailing list