Bug#797895: libvdpau: CVE-2015-5198, CVE-2015-5199, CVE-2015-5200
luca.boccassi at gmail.com
Fri Sep 4 00:24:07 UTC 2015
On Thu, 2015-09-03 at 14:49 +0200, Alessandro Ghedini wrote:
> Source: libvdpau
> Severity: important
> Tags: security, fixed-upstream
> the following vulnerabilities were published for libvdpau.
> incorrect check for security transition
> directory traversal in dlopen
> vulnerability in trace functionality
> All of them are fixed by the patch , shipped in the 1.1.1 upstream
> If you fix the vulnerabilities please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
Thanks for the heads-up!
I have updated the libvdpau git repo with the new release . I have
tested the amd64 and i386 packages in Jessie, and they seem to work just
fine with vdpauinfo and VLC.
Could you please review and do a new upload, when you have time?
Tomorrow I'll look into backporting the fix to Wheezy and Squeeze.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: This is a digitally signed message part
More information about the pkg-nvidia-devel