FEDORA-2019-07598ce28e — security update for libmp4v2

obsolete

libmp4v2-2.1.0-0.18.trunkREV507.fc29

FEDORA-2019-07598ce28e created by sergiomb 5 years ago for Fedora 29

Fix https://nvd.nist.gov/vuln/detail/CVE-2018-14446 https://nvd.nist.gov/vuln/detail/CVE-2018-14403 https://nvd.nist.gov/vuln/detail/CVE-2018-14379 https://nvd.nist.gov/vuln/detail/CVE-2018-14326 https://nvd.nist.gov/vuln/detail/CVE-2018-14325 https://nvd.nist.gov/vuln/detail/CVE-2018-14054 based on https://github.com/TechSmith/mp4v2/pull/27 and https://github.com/sergiomb2/libmp4v2/

This update has been submitted for testing by sergiomb.

5 years ago

This update's test gating status has been changed to 'waiting'.

5 years ago

This update's test gating status has been changed to 'ignored'.

5 years ago

sergiomb edited this update.

5 years ago

This update has been pushed to testing.

5 years ago

This update has been obsoleted by libmp4v2-2.1.0-0.19.trunkREV507.fc29.

5 years ago

Please login to add feedback.

Metadata

Type

security

Severity

medium

Karma

Signed

Content Type

RPM

Test Gating

ignored

Autopush Settings

Unstable by Karma

-3

Stable by Karma

Stable by Time

7 days

Thresholds

Minimum Karma

Minimum Testing

7 days

Dates

submitted

5 years ago

in testing

5 years ago

modified

5 years ago

Builds

libmp4v2-2.1.0-0.18.trunkREV507.fc29

BZ#1601675 CVE-2018-14326 libmp4v2: Missing check for integer overflow in mp4array.h:Resize() allows for denial of service via crafted MP4 [fedora-all]

BZ#1601679 CVE-2018-14325 libmp4v2: Integer underflow in when parsing MP4Atom in mp4atom.cpp [fedora-all]

BZ#1603224 CVE-2018-14403 libmp4v2: Out-of-bounds read in MP4NameFirstMatches in mp4util.cpp [fedora-all]

BZ#1603236 CVE-2018-14379 libmp4v2: Type confusion in MP4Atom::factory in mp4atom.cpp [fedora-all]

BZ#1603296 CVE-2018-14054 libmp4v2: Double free in the MP4StringProperty class in mp4property.cpp [fedora-all]

libmp4v2-2.1.0-0.18.trunkREV507.fc29

Automated Test Results

ignored