Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 30 Dec 2015 02:28:26 +0000
From: limingxing <limingxing@....cn>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Subject: CVE request rtmpdump:  the 6 vulnerabilities have been fixed

Hello,
CVE request rtmpdump:  the 6 vulnerabilities have been fixed by Howard Chu a few days ago!
These vulnerabilities affect latest version of ubuntu kylin by the smplayer!

Thank you !


The git(git://git.ffmpeg.org/rtmpdump)log is:

commit fa8646daeb19dfd12c181f7d19de708d623704c0
Author: Howard Chu <hyc@...hlandsun.com>
Date:   Wed Dec 23 18:58:50 2015 +0000

    Fix issue 6-7/7 from LMX of Qihoo 360 Codesafe Team
    
    Additional decode input size checks

commit 07c10ae612bf5c2dbea594dcbd4da85c54dba1e4
Author: Howard Chu <hyc@...hlandsun.com>
Date:   Wed Dec 23 18:28:13 2015 +0000

    Fix issue 5/7 from LMX of Qihoo 360 Codesafe Team
    
    Ignore zero-length packets

commit 7c68ad18f4296911114470bb4caaa673d55c8447
Author: Howard Chu <hyc@...hlandsun.com>
Date:   Wed Dec 23 18:10:15 2015 +0000

    Fix issue 4/7 from LMX of Qihoo 360 Codesafe Team
    
    Potential integer overflow in RTMPPacket_Alloc().
    

commit f3042b5bb7dcb42eda32ad9dd88029b24a2c282b
Author: Howard Chu <hyc@...hlandsun.com>
Date:   Wed Dec 23 17:53:34 2015 +0000

    Fix issue 2/7 from LMX of Qihoo 360 Codesafe Team
    
    Obsolete RTMPPacket_Free() call left over from original C++ to C rewrite

commit 71fe4f2435beaccca046dad3905840615b76b085
Author: Howard Chu <hyc@...hlandsun.com>
Date:   Wed Dec 23 17:51:39 2015 +0000

    Fix issue 1/7 from LMX of Qihoo 360 Codesafe Team
    
    AMFProp_GetObject must make sure the prop is actually an object

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ