[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DSA 3355-2] libvdpau regression update

Hi *

the amd64 build for 0.8-3+deb8u2 seems to be missing from [1].

Is this an error or am I missing something?


Thanks
Daniel


[1] http://security.debian.org/pool/updates/main/libv/libvdpau/



On 11/02/2015 08:27 PM, Alessandro Ghedini wrote:
> -------------------------------------------------------------------------
> Debian Security Advisory DSA-3355-2                   security@debian.org
> https://www.debian.org/security/                       Alessandro Ghedini
> November 02, 2015                     https://www.debian.org/security/faq
> -------------------------------------------------------------------------
> 
> Package        : libvdpau
> Debian Bug     : 802625
> 
> The previous update for libvdpau, DSA-3355-1, introduced a regression in
> the stable distribution (jessie) causing a segmentation fault when the
> DRI_PRIME environment variable is set. For reference, the original
> advisory text follows.
> 
> Florian Weimer of Red Hat Product Security discovered that libvdpau, the
> VDPAU wrapper library, did not properly validate environment variables,
> allowing local attackers to gain additional privileges.
> 
> For the stable distribution (jessie), this problem has been fixed in
> version 0.8-3+deb8u2.
> 
> We recommend that you upgrade your libvdpau packages.
> 
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: https://www.debian.org/security/
> 
> Mailing list: debian-security-announce@lists.debian.org
> 
>
Reply to: