Hi, On Sun, Jan 20, 2019 at 03:22:31PM +0100, Sebastian Ramacher wrote: > On 2019-01-19 22:36:05, Salvatore Bonaccorso wrote: > > Hey! > > > > On Thu, Jan 17, 2019 at 12:00:13AM +0100, Sebastian Ramacher wrote: > > > Control: found -1 2016.11.28-1 > > > > > > On 2019-01-16 23:19:45, Moritz Muehlenhoff wrote: > > > > Source: liblivemedia > > > > Severity: grave > > > > Tags: security > > > > > > > > Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6256 > > > > > > > > Cheers, > > > > Moritz > > > > > > Not sure if I'm missing something, but the PoC does not seem to work on > > > buster/sid. On stretch I get segfaults, but only if I abort the PoC. So > > > marking > > > as found in stable and closing for sid. > > > > Not having a poc triggering does not necessarly mean the issue needs > > to be fixed. Do we know something on the actual fix? Skimming (but > > only superficial) in the git repository I have not found something > > obvious, but possible I only missed it. > > http://lists.live555.com/pipermail/live-devel/2018-November/021099.html > explicitely mentions that the issue was fixed in 2018.11.26.
perfect, thank you! Salvatore