Bug#797895: libvdpau: CVE-2015-5198, CVE-2015-5199, CVE-2015-5200
Alessandro Ghedini
ghedo at debian.org
Thu Sep 3 12:49:50 UTC 2015
Source: libvdpau
Severity: important
Tags: security, fixed-upstream
Hi,
the following vulnerabilities were published for libvdpau.
CVE-2015-5198[0]:
incorrect check for security transition
CVE-2015-5199[1]:
directory traversal in dlopen
CVE-2015-5200[2]:
vulnerability in trace functionality
All of them are fixed by the patch [3], shipped in the 1.1.1 upstream
release.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-5198
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5198
[1] https://security-tracker.debian.org/tracker/CVE-2015-5199
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5199
[2] https://security-tracker.debian.org/tracker/CVE-2015-5200
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5200
[3] http://cgit.freedesktop.org/~aplattner/libvdpau/commit/?id=d1f9c16b1a8187110e501c9116d21ffee25c0ba4
Please adjust the affected versions in the BTS as needed.
Cheers
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-nvidia-devel/attachments/20150903/12b4ef16/attachment.sig>
More information about the pkg-nvidia-devel
mailing list