UbuntuUpdates.org

Package "libebml"

Name: libebml

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • access library for the EBML format (development files)
  • access library for the EBML format (shared library)

Latest version: 1.3.3-1ubuntu0.1
Release: xenial (16.04)
Level: security
Repository: universe

Links



Other versions of "libebml" in Xenial

Repository Area Version
base universe 1.3.3-1
updates universe 1.3.3-1ubuntu0.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.3.3-1ubuntu0.1 2019-07-25 15:07:25 UTC

  libebml (1.3.3-1ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: heap-based out of bounds read
    - debian/patches/CVE-2019-13615-1.patch: check the max size to read
      before actually reading in src/EbmlElement.cpp.
    - debian/patches/CVE-2019-13615-2.patch: do not output an element with
      size Unknown if it's not allowed in src/EbmlElement.cpp.
    - debian/patches/CVE-2019-13615-3.patch: exit the max size loop when
      there's nothing left possible to find in src/EbmlElement.cpp.
    - debian/patches/CVE-2019-13615-4.patch: rework the way we look at the
      end boundary when looking an element in a parent in
      src/EbmlElement.cpp.
    - CVE-2019-13615

 -- Marc Deslauriers <email address hidden> Wed, 24 Jul 2019 14:03:37 -0400

CVE-2019-13615 VideoLAN VLC media player 3.0.7.1 has a heap-based buffer over-read in mkv::demux_sys_t::FreeUnused() in modules/demux/mkv/demux.cpp when called from



About   -   Send Feedback to @ubuntu_updates