Bug#986839: mpv: New upstream version 0.33.1 fixes CVE-2021-30145

Mon, 12 Apr 2021 14:51:51 -0700 

Package: mpv
Version: 0.32.0-2+b1
Severity: grave
Tags: security
Justification: user security hole
X-Debbugs-Cc: Debian Security Team <[email protected]>

Dear Maintainer,

Version 0.33.1 was released on Mon, 5 Apr 2021. Apparently this fixes a
security problem (CVE-2021-30145) that affects every version since 2002.

A description of the problem can be found at:

        
https://github.com/mpv-player/mpv/commit/cb3fa04bcb2ba9e0d25788480359157208c13e0b

The release can be found at:

        https://github.com/mpv-player/mpv/releases

Thanks,

Wessel Dankers

-- System Information:
Debian Release: bullseye/sid
 APT prefers testing
 APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-5-amd64 (SMP w/4 CPU threads)
Locale: LANG=nl_NL.UTF-8, LC_CTYPE=nl_NL.UTF-8 (charmap=UTF-8), LANGUAGE
not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages mpv depends on:
ii  libarchive13                      3.4.3-2+b1
ii  libasound2                        1.2.4-1.1
ii  libass9                           1:0.15.0-1
ii  libavcodec58                      7:4.3.2-0+deb11u1
ii  libavdevice58                     7:4.3.2-0+deb11u1
ii  libavfilter7                      7:4.3.2-0+deb11u1
ii  libavformat58                     7:4.3.2-0+deb11u1
ii  libavutil56                       7:4.3.2-0+deb11u1
ii  libbluray2                        1:1.2.1-4
ii  libc6                             2.31-11
ii  libcaca0                          0.99.beta19-2.2
ii  libcdio-cdda2                     10.2+2.0.0-1+b2
ii  libcdio-paranoia2                 10.2+2.0.0-1+b2
ii  libcdio19                         2.1.0-2
ii  libdrm2                           2.4.104-1
ii  libdvdnav4                        6.1.0-1+b1
ii  libegl1                           1.3.2-1
ii  libgbm1                           20.3.4-1
ii  libgl1                            1.3.2-1
ii  libjack-jackd2-0 [libjack-0.125]  1.9.17~dfsg-1
ii  libjpeg62-turbo                   1:2.0.6-4
ii  liblcms2-2                        2.12~rc1-2
ii  liblua5.2-0                       5.2.4-1.1+b3
ii  libpulse0                         14.2-2
ii  librubberband2                    1.9.0-1
ii  libsdl2-2.0-0                     2.0.14+dfsg2-3
ii  libsmbclient                      2:4.13.5+dfsg-1
ii  libsndio7.0                       1.5.0-3
ii  libswresample3                    7:4.3.2-0+deb11u1
ii  libswscale5                       7:4.3.2-0+deb11u1
ii  libuchardet0                      0.0.7-1
ii  libva-drm2                        2.10.0-1
ii  libva-wayland2                    2.10.0-1
ii  libva-x11-2                       2.10.0-1
ii  libva2                            2.10.0-1
ii  libvdpau1                         1.4-3
ii  libwayland-client0                1.18.0-2~exp1.1
ii  libwayland-cursor0                1.18.0-2~exp1.1
ii  libwayland-egl1                   1.18.0-2~exp1.1
ii  libx11-6                          2:1.7.0-2
ii  libxext6                          2:1.3.3-1.1
ii  libxinerama1                      2:1.1.4-2
ii  libxkbcommon0                     1.0.3-2
ii  libxrandr2                        2:1.5.1-1
ii  libxss1                           1:1.2.3-1
ii  libxv1                            2:1.0.11-1
ii  zlib1g                            1:1.2.11.dfsg-2

Versions of packages mpv recommends:
pn  xdg-utils   <none>
pn  youtube-dl  <none>

mpv suggests no packages.

-- no debconf information

Attachment: signature.asc
Description: PGP signature

Reply via email to