'Re: [oss-security] CVE request rtmpdump: the 6 vulnerabilities have been fixed'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE request rtmpdump:  the 6 vulnerabilities have been fixed
From:       Mark Felder <feld () feld ! me>
Date:       2016-02-26 16:29:54
Message-ID: 1456504194.3567268.532868234.2EF42CB3 () webmail ! messagingengine ! com
[Download RAW message or body]



On Tue, Dec 29, 2015, at 20:28, limingxing wrote:
> Hello,
> CVE request rtmpdump:  the 6 vulnerabilities have been fixed by Howard
> Chu a few days ago!
> These vulnerabilities affect latest version of ubuntu kylin by the
> smplayer!
> 
> Thank you !
> 
> 
> The git(git://git.ffmpeg.org/rtmpdump)log is:
> 
> commit fa8646daeb19dfd12c181f7d19de708d623704c0
> Author: Howard Chu <hyc@highlandsun.com>
> Date:   Wed Dec 23 18:58:50 2015 +0000
> 
>     Fix issue 6-7/7 from LMX of Qihoo 360 Codesafe Team
>     
>     Additional decode input size checks
> 
> commit 07c10ae612bf5c2dbea594dcbd4da85c54dba1e4
> Author: Howard Chu <hyc@highlandsun.com>
> Date:   Wed Dec 23 18:28:13 2015 +0000
> 
>     Fix issue 5/7 from LMX of Qihoo 360 Codesafe Team
>     
>     Ignore zero-length packets
> 
> commit 7c68ad18f4296911114470bb4caaa673d55c8447
> Author: Howard Chu <hyc@highlandsun.com>
> Date:   Wed Dec 23 18:10:15 2015 +0000
> 
>     Fix issue 4/7 from LMX of Qihoo 360 Codesafe Team
>     
>     Potential integer overflow in RTMPPacket_Alloc().
>     
> 
> commit f3042b5bb7dcb42eda32ad9dd88029b24a2c282b
> Author: Howard Chu <hyc@highlandsun.com>
> Date:   Wed Dec 23 17:53:34 2015 +0000
> 
>     Fix issue 2/7 from LMX of Qihoo 360 Codesafe Team
>     
>     Obsolete RTMPPacket_Free() call left over from original C++ to C
>     rewrite
> 
> commit 71fe4f2435beaccca046dad3905840615b76b085
> Author: Howard Chu <hyc@highlandsun.com>
> Date:   Wed Dec 23 17:51:39 2015 +0000
> 
>     Fix issue 1/7 from LMX of Qihoo 360 Codesafe Team
>     
>     AMFProp_GetObject must make sure the prop is actually an object

Did these ever get assigned CVEs?


-- 
  Mark Felder
  feld@feld.me
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic