[ubuntu/disco-updates] libvpx 1.7.0-3ubuntu0.19.04.1 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Mon Nov 25 13:58:09 UTC 2019
libvpx (1.7.0-3ubuntu0.19.04.1) disco-security; urgency=medium
* SECURITY UPDATE: double free in ParseContentEncodingEntry
- debian/patches/CVE-2019-2126.patch: set compression_entries_ to NULL
in third_party/libwebm/mkvparser/mkvparser.cc.
- CVE-2019-2126
* SECURITY UPDATE: out of bounds read
- debian/patches/CVE-2019-9232.patch: use unsigned char in
vp8/decoder/dboolhuff.h, vpx_dsp/bitreader.h.
- CVE-2019-9232
* SECURITY UPDATE: out of bounds read
- debian/patches/CVE-2019-9325.patch: fix size in vp9/vp9_dx_iface.c,
vpx_dsp/bitreader_buffer.c, test/decode_api_test.cc.
- CVE-2019-9325
* SECURITY UPDATE: resource exhaustion issue
- debian/patches/CVE-2019-9371-1.patch: fix logic in
third_party/libwebm/mkvparser/mkvparser.cc.
- debian/patches/CVE-2019-9371-2.patch: fix logic in
third_party/libwebm/mkvparser/mkvparser.cc.
- CVE-2019-9371
* SECURITY UPDATE: memory disclosure issue
- debian/patches/CVE-2019-9433.patch: fix use-after-free in
vp8/common/postproc.c.
- CVE-2019-9433
Date: 2019-11-19 16:36:15.052681+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/libvpx/1.7.0-3ubuntu0.19.04.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Disco-changes
mailing list