Hello community, here is the log from the commit of package libebml for openSUSE:Factory checked in at 2015-10-24 10:29:28 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libebml (Old) and /work/SRC/openSUSE:Factory/.libebml.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libebml" Changes: -------- --- /work/SRC/openSUSE:Factory/libebml/libebml.changes 2015-05-06 07:46:58.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.libebml.new/libebml.changes 2015-10-24 10:30:12.000000000 +0200 @@ -2 +2,23 @@ -Fri May 1 17:55:20 UTC 2015 - [email protected] +Thu Oct 22 08:34:42 UTC 2015 - [email protected] + +- Update to new upstream release 1.3.3 (security fixes!): +* EbmlUnicodeString::UpdateFromUTF8(): Fixed an invalid memory + access. When reading from a UTF-8 string in which the length + indicated by a UTF-8 character's first byte exceeds the string's + actual number of bytes the parser would access beyond the end of + the string resulting in a heap information leak. Fixes the issue + reported as Cisco TALOS-CAN-0036. +* EbmlElement::ReadCodedSizeValue(): Fixed an invalid memory + access. When reading a EBML variable length integer value a read + access beyond the end of the available buffer was possible if + fewer bytes were available than indicated by the first byte + resulting in a heap information leak. +* EbmlMaster::Read(): When the parser encountered a deeply nested + element with an infinite size then a following element of an upper + level was not propagated correctly. Instead the element with the + infinite size was added into the EBML element tree a second time + resulting in memory access after freeing it and multiple attempts + to free the same memory address during destruction. Fixes the + issue reported as Cisco TALOS-CAN-0037. +* EbmlElement::FindNextElement(): Handle EOF when reading the + element size properly. @@ -3,0 +26,2 @@ +------------------------------------------------------------------- +Fri May 1 17:55:20 UTC 2015 - [email protected] Old: ---- libebml-1.3.1.tar.bz2 New: ---- libebml-1.3.3.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libebml.spec ++++++ --- /var/tmp/diff_new_pack.TrZ7k3/_old 2015-10-24 10:30:12.000000000 +0200 +++ /var/tmp/diff_new_pack.TrZ7k3/_new 2015-10-24 10:30:12.000000000 +0200 @@ -19,7 +19,7 @@ %define soname 4 Name: libebml -Version: 1.3.1 +Version: 1.3.3 Release: 0 Summary: Library to parse EBML (Extensible Binary Markup Language) files License: LGPL-2.1+ ++++++ libebml-1.3.1.tar.bz2 -> libebml-1.3.3.tar.bz2 ++++++ ++++ 7895 lines of diff (skipped)
