Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sat, 28 Jan 2012 14:39:36 +0100
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com
Subject: (maybe) CVE request: libvpx before 1.0 crasher

libvpx (webm library) has released a new version that fixes a crasher
bug:
http://blog.webmproject.org/2012/01/vp8-codec-sdk-duclair-released.html

I'm not 100% sure if and in what situation crash bugs qualify as
security issues.

However, I tend to think that this one does. libvpx is used in browsers
and crashing browsers seems an issue to me.
Also, it could be used to crash automatic media re-encoding-services
(e.g. backends of video websites like youtube).

So I'd request a CVE.

-- 
Hanno Böck		mail/jabber: hanno@...eck.de
GPG: BBB51E42		http://www.hboeck.de/

Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ