Bug#928210: CVE-2019-11471

To: 928210@bugs.debian.org
Cc: Moritz Muehlenhoff <jmm@debian.org>
Subject: Bug#928210: CVE-2019-11471
From: Andres Salomon <dilinger@queued.net>
Date: Sun, 19 May 2019 00:30:35 -0700
Message-id: <[🔎] 20190519003035.2201160c@e7470.queued.net>
Reply-to: Andres Salomon <dilinger@queued.net>, 928210@bugs.debian.org
References: <155657349166.20057.17620906597487411103.reportbug@hullmann.westfalen.local>

Hi,

Just FYI, there's a bunch of additional fuzz-related fixes in
libheif's upstream git repo.  I don't see any assigned CVEs other than
the one you've tagged in this bug, but this heap buffer overflow fix in
particular caught my eye as something we may want to include:

https://github.com/strukturag/libheif/issues/125
https://github.com/strukturag/libheif/commit/5a9b7f7564e158c6339f6d78a77de23720b15afd

Reply to:

Prev by Date: Bug#929182: fluidsynth: no sound by default - soundfont location doesn't exist
Next by Date: Bug#925941: nvenc not in ffmpeg
Previous by thread: Bug#929182: fluidsynth: no sound by default - soundfont location doesn't exist
Next by thread: Processing of ffmpeg_4.1.3-1_source.changes
Index(es):
- Date
- Thread