* [Buildroot] [PATCH] rtmpdump: security bump to current HEAD
@ 2017-05-15 15:32 Peter Korsgaard
2017-05-16 7:25 ` Thomas Petazzoni
2017-05-17 20:37 ` Peter Korsgaard
0 siblings, 2 replies; 3+ messages in thread
From: Peter Korsgaard @ 2017-05-15 15:32 UTC (permalink / raw)
To: buildroot
Fixes:
- CVE-2015-8271: The AMF3CD_AddProp function in amf.c in RTMPDump 2.4 allows
remote RTMP Media servers to execute arbitrary code
https://www.talosintelligence.com/reports/TALOS-2016-0067/
- CVE-2015-8272: RTMPDump 2.4 allows remote attackers to trigger a denial of
service (NULL pointer dereference and process crash).
https://www.talosintelligence.com/reports/TALOS-2016-0068/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
package/rtmpdump/rtmpdump.mk | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package/rtmpdump/rtmpdump.mk b/package/rtmpdump/rtmpdump.mk
index 19d9b04a2..f5d430ce3 100644
--- a/package/rtmpdump/rtmpdump.mk
+++ b/package/rtmpdump/rtmpdump.mk
@@ -4,7 +4,7 @@
#
################################################################################
-RTMPDUMP_VERSION = a107cef9b392616dff54fabfd37f985ee2190a6f
+RTMPDUMP_VERSION = fa8646daeb19dfd12c181f7d19de708d623704c0
RTMPDUMP_SITE = git://git.ffmpeg.org/rtmpdump
RTMPDUMP_INSTALL_STAGING = YES
# Note that rtmpdump is GPL-2.0 but librtmp has its own license and since we only
--
2.11.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [Buildroot] [PATCH] rtmpdump: security bump to current HEAD
2017-05-15 15:32 [Buildroot] [PATCH] rtmpdump: security bump to current HEAD Peter Korsgaard
@ 2017-05-16 7:25 ` Thomas Petazzoni
2017-05-17 20:37 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Thomas Petazzoni @ 2017-05-16 7:25 UTC (permalink / raw)
To: buildroot
Hello,
On Mon, 15 May 2017 17:32:29 +0200, Peter Korsgaard wrote:
> Fixes:
>
> - CVE-2015-8271: The AMF3CD_AddProp function in amf.c in RTMPDump 2.4 allows
> remote RTMP Media servers to execute arbitrary code
> https://www.talosintelligence.com/reports/TALOS-2016-0067/
>
> - CVE-2015-8272: RTMPDump 2.4 allows remote attackers to trigger a denial of
> service (NULL pointer dereference and process crash).
> https://www.talosintelligence.com/reports/TALOS-2016-0068/
>
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
> ---
> package/rtmpdump/rtmpdump.mk | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com
^ permalink raw reply [flat|nested] 3+ messages in thread
* [Buildroot] [PATCH] rtmpdump: security bump to current HEAD
2017-05-15 15:32 [Buildroot] [PATCH] rtmpdump: security bump to current HEAD Peter Korsgaard
2017-05-16 7:25 ` Thomas Petazzoni
@ 2017-05-17 20:37 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2017-05-17 20:37 UTC (permalink / raw)
To: buildroot
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:
> Fixes:
> - CVE-2015-8271: The AMF3CD_AddProp function in amf.c in RTMPDump 2.4 allows
> remote RTMP Media servers to execute arbitrary code
> https://www.talosintelligence.com/reports/TALOS-2016-0067/
> - CVE-2015-8272: RTMPDump 2.4 allows remote attackers to trigger a denial of
> service (NULL pointer dereference and process crash).
> https://www.talosintelligence.com/reports/TALOS-2016-0068/
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Committed to 2017.02.x, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2017-05-17 20:37 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-05-15 15:32 [Buildroot] [PATCH] rtmpdump: security bump to current HEAD Peter Korsgaard
2017-05-16 7:25 ` Thomas Petazzoni
2017-05-17 20:37 ` Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.