--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-d53d4a79ac
2019-11-17 01:29:40.270849
--------------------------------------------------------------------------------
Name : libmp4v2
Product : Fedora 31
Version : 2.1.0
Release : 0.19.trunkREV507.fc31
URL : http://code.google.com/p/mp4v2
Summary : Library for working with files using the mp4 container format
Description :
The libmp4v2 library provides an abstraction layer for working with files
using the mp4 container format. This library is developed by the mpeg4ip project
and is an exact copy of the library distributed in the mpeg4ip package.
--------------------------------------------------------------------------------
Update Information:
Fix crash made by the new patches

----

Fix
https://nvd.nist.gov/vuln/detail/CVE-2018-14446
https://nvd.nist.gov/vuln/detail/CVE-2018-14403
https://nvd.nist.gov/vuln/detail/CVE-2018-14379
https://nvd.nist.gov/vuln/detail/CVE-2018-14326
https://nvd.nist.gov/vuln/detail/CVE-2018-14325
https://nvd.nist.gov/vuln/detail/CVE-2018-14054
based on
https://github.com/TechSmith/mp4v2/pull/27
and
https://github.com/sergiomb2/libmp4v2/
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 8 2019 Sérgio Basto <sergio(a)serjux.com> - 2.1.0-0.19.trunkREV507
- Fix-v3-Integer-underflow-overflow-in-MP4v2-2.0.0
* Sat Nov 2 2019 Sérgio Basto <sergio(a)serjux.com> - 2.1.0-0.18.trunkREV507
- Fix
https://nvd.nist.gov/vuln/detail/CVE-2018-14446
https://nvd.nist.gov/vuln/detail/CVE-2018-14403
https://nvd.nist.gov/vuln/detail/CVE-2018-14379
https://nvd.nist.gov/vuln/detail/CVE-2018-14326
https://nvd.nist.gov/vuln/detail/CVE-2018-14325
https://nvd.nist.gov/vuln/detail/CVE-2018-14054
based on
https://github.com/TechSmith/mp4v2/pull/27
and
https://github.com/sergiomb2/libmp4v2/
- Update spec
- Fix build on epel7
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1769287 - Divide-by-zero crash in libmp4v2
https://bugzilla.redhat.com/show_bug.cgi?id=1769287
[ 2 ] Bug #1603296 - CVE-2018-14054 libmp4v2: Double free in the MP4StringProperty class
in mp4property.cpp [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1603296
[ 3 ] Bug #1603236 - CVE-2018-14379 libmp4v2: Type confusion in MP4Atom::factory in
mp4atom.cpp [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1603236
[ 4 ] Bug #1603224 - CVE-2018-14403 libmp4v2: Out-of-bounds read in MP4NameFirstMatches
in mp4util.cpp [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1603224
[ 5 ] Bug #1601679 - CVE-2018-14325 libmp4v2: Integer underflow in when parsing MP4Atom
in mp4atom.cpp [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1601679
[ 6 ] Bug #1601675 - CVE-2018-14326 libmp4v2: Missing check for integer overflow in
mp4array.h:Resize() allows for denial of service via crafted MP4 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1601675
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-d53d4a79ac' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------