On 2019-01-19 22:36:05, Salvatore Bonaccorso wrote: > Hey! > > On Thu, Jan 17, 2019 at 12:00:13AM +0100, Sebastian Ramacher wrote: > > Control: found -1 2016.11.28-1 > > > > On 2019-01-16 23:19:45, Moritz Muehlenhoff wrote: > > > Source: liblivemedia > > > Severity: grave > > > Tags: security > > > > > > Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6256 > > > > > > Cheers, > > > Moritz > > > > Not sure if I'm missing something, but the PoC does not seem to work on > > buster/sid. On stretch I get segfaults, but only if I abort the PoC. So marking > > as found in stable and closing for sid. > > Not having a poc triggering does not necessarly mean the issue needs > to be fixed. Do we know something on the actual fix? Skimming (but > only superficial) in the git repository I have not found something > obvious, but possible I only missed it. http://lists.live555.com/pipermail/live-devel/2018-November/021099.html explicitely mentions that the issue was fixed in 2018.11.26. Cheers -- Sebastian Ramacher
Attachment:
signature.asc
Description: PGP signature