User: Password:
|
|
Subscribe / Log in / New account

Mageia alert MGASA-2012-0218 (avidemux)

From:  Mageia Updates <buildsystem-daemon@mageia.org>
To:  updates-announce@ml.mageia.org
Subject:  [updates-announce] MGASA-2012-0218: avidemux-2.5.6-2.1.mga2 (2/core, tainted)
Date:  Sat, 18 Aug 2012 10:45:35 +0200
Message-ID:  <20120818084535.GA14915@valstar.mageia.org>
Archive-link:  Article, Thread

MGASA-2012-0218 Date: August 18th, 2012 Affected releases: 2 Description: Updated avidemux packages fix security vulnerabilities: vqavideodev: Check image dimensions, fixes out of heap array read (CVE-2012-0947) vorbis: make sure ch is non zero before calling vorbis_residue_decode (CVE-2011-3895) ogg: Avoid the possibility to read out-of-bounds of a static global array in Vorbis decoding (CVE-2011-3893) mkv: Fix a bug where a pointer was cached to an array that might later move due to a realloc() (CVE-2011-3893) Updated Packages: avidemux-2.5.6-2.1.mga2 avidemux-gtk-2.5.6-2.1.mga2 avidemux-qt-2.5.6-2.1.mga2 avidemux-cli-2.5.6-2.1.mga2 References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3893 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3895 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0947 https://bugs.mageia.org/show_bug.cgi?id=6956 https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-...


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds