Re: [SECURITY] [DSA 3355-2] libvdpau regression update
Hi *
the amd64 build for 0.8-3+deb8u2 seems to be missing from [1].
Is this an error or am I missing something?
Thanks
Daniel
[1] http://security.debian.org/pool/updates/main/libv/libvdpau/
On 11/02/2015 08:27 PM, Alessandro Ghedini wrote:
> -------------------------------------------------------------------------
> Debian Security Advisory DSA-3355-2 security@debian.org
> https://www.debian.org/security/ Alessandro Ghedini
> November 02, 2015 https://www.debian.org/security/faq
> -------------------------------------------------------------------------
>
> Package : libvdpau
> Debian Bug : 802625
>
> The previous update for libvdpau, DSA-3355-1, introduced a regression in
> the stable distribution (jessie) causing a segmentation fault when the
> DRI_PRIME environment variable is set. For reference, the original
> advisory text follows.
>
> Florian Weimer of Red Hat Product Security discovered that libvdpau, the
> VDPAU wrapper library, did not properly validate environment variables,
> allowing local attackers to gain additional privileges.
>
> For the stable distribution (jessie), this problem has been fixed in
> version 0.8-3+deb8u2.
>
> We recommend that you upgrade your libvdpau packages.
>
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: https://www.debian.org/security/
>
> Mailing list: debian-security-announce@lists.debian.org
>
>
Reply to: