Bug 785640 (CVE-2012-0823)
| Summary: | CVE-2012-0823 libvpx: VP8 Codec decoder crash introduced in 0.9.7 | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Kurt Seifried <kseifried> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | fweimer, jrb, rcvalle, scorneli, tcallawa |
| Target Milestone: | --- | Keywords: | Reopened, Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | libvpx 1.0.0 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2012-03-22 14:27:06 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 789650, 789651 | ||
| Bug Blocks: | 785645 | ||
|
Description
Kurt Seifried
2012-01-30 05:50:40 UTC
Here is the code commit and other information: Code commit: http://code.google.com/p/webm/source/detail?r=9bf3bc9a729ddbc909c589b810a80e5be80c1083&repo=libvpx Original bugs: http://code.google.com/p/webm/issues/detail?id=371 https://bugzilla.mozilla.org/show_bug.cgi?id=696390 Statement: Not vulnerable. This issue did not affect the versions of libvpx as shipped with Red Hat Enterprise Linux 6. Just as an FYI, we pushed 1.0.0 into all active Fedora targets as an update at the same time as Firefox 10. Created libvpx tracking bugs for this issue Affects: fedora-16 [bug 789650] Created libvpx tracking bugs for this issue Affects: epel-5 [bug 789651] The issue was introduced in a later version than shipped with Red Hat Enterprise Linux 6. |