Your message dated Fri, 15 Mar 2019 18:23:01 +0100
with message-id <20190315172301.gb24...@ramacher.at>
and subject line Re: Bug#924656: liblivemedia: CVE-2019-7314: mishandling of
RTSP stream termination causes use-after-free and crash
has caused the Debian Bug report #924656,
regarding liblivemedia: CVE-2019-7314: mishandling of RTSP stream termination
causes use-after-free and crash
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
924656: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924656
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: liblivemedia
Version: 2018.11.26-1
Severity: normal
Tags: security upstream
Hi,
The following vulnerability was published for liblivemedia.
CVE-2019-7314[0]:
liblivemedia in Live555 before 2019.02.03 mishandles the termination of an
RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a
Use-After-Free error that causes the RTSP server to crash (Segmentation
fault) or possibly have unspecified other impact.
We might want to fix this in Buster, the patch is straightforward. I can
provide a debdiff if needed, already uploaded fixes for stretch and jessie.
regards,
Hugo
[0] https://security-tracker.debian.org/tracker/CVE-2019-7314
--
Hugo Lefeuvre (hle) | www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C
signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
Version: 2019.02.03-1
Marking as fixed with the upload of 2019.02.03-1.
On 2019-03-15 15:21:29, Hugo Lefeuvre wrote:
> Source: liblivemedia
> Version: 2018.11.26-1
> Severity: normal
> Tags: security upstream
>
> Hi,
>
> The following vulnerability was published for liblivemedia.
>
> CVE-2019-7314[0]:
> liblivemedia in Live555 before 2019.02.03 mishandles the termination of an
> RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a
> Use-After-Free error that causes the RTSP server to crash (Segmentation
> fault) or possibly have unspecified other impact.
>
> We might want to fix this in Buster, the patch is straightforward. I can
> provide a debdiff if needed, already uploaded fixes for stretch and jessie.
>
> regards,
> Hugo
>
> [0] https://security-tracker.debian.org/tracker/CVE-2019-7314
>
> --
> Hugo Lefeuvre (hle) | www.owl.eu.com
> RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
> ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C
--
Sebastian Ramacher
signature.asc
Description: PGP signature
--- End Message ---
