Bug#919529: CVE-2019-6256
Hi, On Sun, Jan 20, 2019 at 03:22:31PM +0100, Sebastian Ramacher wrote: > On 2019-01-19 22:36:05, Salvatore Bonaccorso wrote: > > Hey! > > > > On Thu, Jan 17, 2019 at 12:00:13AM +0100, Sebastian Ramacher wrote: > > > Control: found -1 2016.11.28-1 > > > > > > On 2019-01-16 23:19:45, Moritz Muehlenhoff wrote: > > > > Source: liblivemedia > > > > Severity: grave > > > > Tags: security > > > > > > > > Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6256 > > > > > > > > Cheers, > > > > Moritz > > > > > > Not sure if I'm missing something, but the PoC does not seem to work on > > > buster/sid. On stretch I get segfaults, but only if I abort the PoC. So > > > marking > > > as found in stable and closing for sid. > > > > Not having a poc triggering does not necessarly mean the issue needs > > to be fixed. Do we know something on the actual fix? Skimming (but > > only superficial) in the git repository I have not found something > > obvious, but possible I only missed it. > > http://lists.live555.com/pipermail/live-devel/2018-November/021099.html > explicitely mentions that the issue was fixed in 2018.11.26. perfect, thank you! Salvatore
Bug#919529: CVE-2019-6256
On 2019-01-19 22:36:05, Salvatore Bonaccorso wrote: > Hey! > > On Thu, Jan 17, 2019 at 12:00:13AM +0100, Sebastian Ramacher wrote: > > Control: found -1 2016.11.28-1 > > > > On 2019-01-16 23:19:45, Moritz Muehlenhoff wrote: > > > Source: liblivemedia > > > Severity: grave > > > Tags: security > > > > > > Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6256 > > > > > > Cheers, > > > Moritz > > > > Not sure if I'm missing something, but the PoC does not seem to work on > > buster/sid. On stretch I get segfaults, but only if I abort the PoC. So > > marking > > as found in stable and closing for sid. > > Not having a poc triggering does not necessarly mean the issue needs > to be fixed. Do we know something on the actual fix? Skimming (but > only superficial) in the git repository I have not found something > obvious, but possible I only missed it. http://lists.live555.com/pipermail/live-devel/2018-November/021099.html explicitely mentions that the issue was fixed in 2018.11.26. Cheers -- Sebastian Ramacher signature.asc Description: PGP signature
Bug#919529: CVE-2019-6256
Hey! On Thu, Jan 17, 2019 at 12:00:13AM +0100, Sebastian Ramacher wrote: > Control: found -1 2016.11.28-1 > > On 2019-01-16 23:19:45, Moritz Muehlenhoff wrote: > > Source: liblivemedia > > Severity: grave > > Tags: security > > > > Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6256 > > > > Cheers, > > Moritz > > Not sure if I'm missing something, but the PoC does not seem to work on > buster/sid. On stretch I get segfaults, but only if I abort the PoC. So > marking > as found in stable and closing for sid. Not having a poc triggering does not necessarly mean the issue needs to be fixed. Do we know something on the actual fix? Skimming (but only superficial) in the git repository I have not found something obvious, but possible I only missed it. Regards, Salvatore
Bug#919529: CVE-2019-6256
On Thu, Jan 17, 2019 at 12:00:13AM +0100, Sebastian Ramacher wrote: > Control: found -1 2016.11.28-1 > > On 2019-01-16 23:19:45, Moritz Muehlenhoff wrote: > > Source: liblivemedia > > Severity: grave > > Tags: security > > > > Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6256 > > > > Cheers, > > Moritz > > Not sure if I'm missing something, but the PoC does not seem to work on > buster/sid. Quite possible, I hadn't reproduced it myself yet and upstream homepage wasn't that obvious wrt existing fixes. Cheers, Moritz
Bug#919529: CVE-2019-6256
Control: found -1 2016.11.28-1 On 2019-01-16 23:19:45, Moritz Muehlenhoff wrote: > Source: liblivemedia > Severity: grave > Tags: security > > Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6256 > > Cheers, > Moritz Not sure if I'm missing something, but the PoC does not seem to work on buster/sid. On stretch I get segfaults, but only if I abort the PoC. So marking as found in stable and closing for sid. Cheers -- Sebastian Ramacher signature.asc Description: PGP signature
Processed: Re: Bug#919529: CVE-2019-6256
Processing control commands: > found -1 2016.11.28-1 Bug #919529 [src:liblivemedia] CVE-2019-6256 Marked as found in versions liblivemedia/2016.11.28-1. -- 919529: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919529 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#919529: CVE-2019-6256
Source: liblivemedia Severity: grave Tags: security Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6256 Cheers, Moritz