Bug#919529: CVE-2019-6256

To: Sebastian Ramacher <sramacher@debian.org>
Cc: 919529@bugs.debian.org
Subject: Bug#919529: CVE-2019-6256
From: Moritz Mühlenhoff <jmm@inutil.org>
Date: Thu, 17 Jan 2019 22:46:25 +0100
Message-id: <[🔎] 20190117214625.GC1262@pisco.westfalen.local>
Reply-to: Moritz Mühlenhoff <jmm@inutil.org>, 919529@bugs.debian.org
In-reply-to: <[🔎] 20190116230013.GA12486@ramacher.at>
References: <[🔎] 154767718594.29820.9309924584464370365.reportbug@hullmann.westfalen.local> <[🔎] 20190116230013.GA12486@ramacher.at> <[🔎] 154767718594.29820.9309924584464370365.reportbug@hullmann.westfalen.local>

On Thu, Jan 17, 2019 at 12:00:13AM +0100, Sebastian Ramacher wrote:
> Control: found -1 2016.11.28-1
> 
> On 2019-01-16 23:19:45, Moritz Muehlenhoff wrote:
> > Source: liblivemedia
> > Severity: grave
> > Tags: security
> > 
> > Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6256
> > 
> > Cheers,
> >         Moritz
> 
> Not sure if I'm missing something, but the PoC does not seem to work on
> buster/sid.

Quite possible, I hadn't reproduced it myself yet and upstream homepage
wasn't that obvious wrt existing fixes.

Cheers,
        Moritz

Reply to:

References:
- Bug#919529: CVE-2019-6256
  - From: Moritz Muehlenhoff <jmm@debian.org>
- Bug#919529: CVE-2019-6256
  - From: Sebastian Ramacher <sramacher@debian.org>

Prev by Date: Bug#910451: marked as done (bs1770gain segfaults on MP3 files)
Next by Date: Bug#883198: marked as done (bs1770gain: use after free while running bs1770gain with "poc output" option)
Previous by thread: Bug#919529: CVE-2019-6256
Next by thread: Bug#919529: CVE-2019-6256
Index(es):
- Date
- Thread