Bug 8183 - [UPDATE REQUEST 2014.1] libquicktime security vulnerability CVE-2016-2399
Status: VERIFIED FIXED
Product: Desktop Bugs
Classification: ROSA Desktop
Component: Main Packages
: Fresh
: All Linux
: Normal normal
: ---
Assigned To: ROSA Linux Bugs
: ROSA Linux Bugs
Reported: 2017-07-29 01:15 MSD by Алексей-З
Modified: 2017-08-29 09:34 MSD

vladimir.potapov: qa_verified+
andrey.bondrov: published+


Description Алексей-З 2017-07-29 01:15:56 MSD
Marco Romano discovered that libquicktime, a library for reading and writing QuickTime files, was vulnerable to an integer overflow attack. When opened, a specially crafted MP4 file would cause a denial of service by crashing the application.
Comment 1 Алексей-З 2017-07-29 01:18:17 MSD
Advisory: Fixed integer overflow in libquicktime (CVE-2016-2399)

Build lists:
(libquicktime)
https://abf.io/build_lists/2884435
https://abf.io/build_lists/2884436

(libquicktime-restricted)
https://abf.io/build_lists/2884438
https://abf.io/build_lists/2884439
Comment 2 Vladimir Potapov 2017-08-23 17:20:42 MSD
The update is sent to expanded testing
****************************************
Comment 3 Vladimir Potapov 2017-08-28 18:09:31 MSD
libquicktime-1.2.4-10
https://abf.io/build_lists/2884435
https://abf.io/build_lists/2884436

libquicktime-1.2.4-10plf
https://abf.io/build_lists/2884438
https://abf.io/build_lists/2884439
********************************** Advisory *************************
Fixed integer overflow in libquicktime (CVE-2016-2399)
*********************************************************************
QA Verified