Bug#924655: liblivemedia: CVE-2019-9215: invalid memory access in parseAuthorizationHeader

To: Sebastian Ramacher <sramacher@debian.org>
Cc: 924655@bugs.debian.org
Subject: Bug#924655: liblivemedia: CVE-2019-9215: invalid memory access in parseAuthorizationHeader
From: Hugo Lefeuvre <hle@debian.org>
Date: Fri, 15 Mar 2019 15:43:15 +0100
Message-id: <[🔎] 20190315144315.GC1483@behemoth.owl.eu.com.local>
Reply-to: Hugo Lefeuvre <hle@debian.org>, 924655@bugs.debian.org
In-reply-to: <20190315143551.GA15425@ramacher.at>
References: <[🔎] 20190315140521.GA1483@behemoth.owl.eu.com.local> <20190315143551.GA15425@ramacher.at> <[🔎] 20190315140521.GA1483@behemoth.owl.eu.com.local>

Hi,

> Unless a CVE affects the client part of the library, I don't think it's
> worth it. The client part is the only part used by reverse dependencies.

What do you mean exactly with client part? The affected code is located
in liveMedia/RTSPServer.cpp.

regards,
Hugo

-- 
                Hugo Lefeuvre (hle)    |    www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C

Attachment: signature.asc
Description: PGP signature

Reply to:

Follow-Ups:
- Bug#924655: liblivemedia: CVE-2019-9215: invalid memory access in parseAuthorizationHeader
  - From: Sebastian Ramacher <sramacher@debian.org>

References:
- Bug#924655: liblivemedia: CVE-2019-9215: invalid memory access in parseAuthorizationHeader
  - From: Hugo Lefeuvre <hle@debian.org>

Prev by Date: Bug#924656: liblivemedia: CVE-2019-7314: mishandling of RTSP stream termination causes use-after-free and crash
Next by Date: Bug#924655: liblivemedia: CVE-2019-9215: invalid memory access in parseAuthorizationHeader
Previous by thread: Bug#924655: marked as done (liblivemedia: CVE-2019-9215: invalid memory access in parseAuthorizationHeader)
Next by thread: Bug#924655: liblivemedia: CVE-2019-9215: invalid memory access in parseAuthorizationHeader
Index(es):
- Date
- Thread