Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 5928-1] libvpx security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 5928-1] libvpx security update


Chronologisch Thread  
  • From: Salvatore Bonaccorso <carnil AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 5928-1] libvpx security update
  • Date: Wed, 28 May 2025 20:33:37 +0000
  • Authentication-results: lists.piratenpartei.de; dkim=none; spf=none (lists.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 2001:41b8:202:deb:216:36ff:fe40:4002) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"; dmarc=none
  • List-archive: https://lists.debian.org/msgid-search/E1uKNSz-00Chdr-GS AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Date:Message-Id:Subject:To:From:Reply-To:Cc:MIME-Version: Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=i32fioyP4wZrcRTvVL7BN6Ap3wEj9Q7V8krzYF1NwhI=; b=Qg 7IlV+Ig7A4+DbwdX8HI7jHRr6NSEp8aOhiLzyKsgabAI3X0xUZ6tdsFmhQbl6SApnXExUFi6VYZSA uzoySSNMUrPNo83Hwpk7wYTza86Y9BuoiElagU0krQDMwQ015B6/7wBrLvI7aq+NqddqDZr49PgE3 jqRykV5OhKaX3UX2z5Ae1EbPqxEfhgTWsWUCtGxa1ExDEoDy5kCw/lxa/f9SBhNdu+0GKHx0sHA1D uo2pPkMaw1zVtieFdkQNLLyFIj+J6UbdFl17kLZgJyoCOgq5KmEdZIv5JEmnoGUQkjjuMgV031JND 2Zyqi6YzQOB5V7aeJXZ1xEq8jWNVHTSA==;
  • Old-return-path: <carnil AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Wed, 28 May 2025 20:34:00 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <y1JJvW5YM0G.A.dpQI.4M3NoB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5928-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
May 28, 2025 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libvpx
CVE ID : CVE-2025-5283
Debian Bug : 1106689

It was discovered that a double-free in the encoder of libvpx, a
multimedia library for the VP8 and VP9 video codecs, may result in
denial of service and potentially the execution of arbitrary code.

For the stable distribution (bookworm), this problem has been fixed in
version 1.12.0-1+deb12u4.

We recommend that you upgrade your libvpx packages.

For the detailed security status of libvpx please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/libvpx

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmg3cvxfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0QxRA/8DYbjPnAk+skIK83XkeQU8TElsQor65smeK/7tRoSfxOPOQR7Gkko3ZSc
8f7a055g/ujfK8r9mGiUVUnfvutb5yuYlOZXvctUgQoVdCJRH4EaeURTak9P4tzL
25KCNv7cQpB5Ss0kx7WzQ3HwwHP/e3MFXJbYmmndutkUWrwfFOkP6yLr81OhIXH7
jjwLenG6m22uQAGERdliRUMDASNHvnHWJOjgpAWNNOcYWQK4GxByHhdk1jyFb3lR
ImLgPUC9ycYkCtIqb2eyARVIl+s+51lBcB0Yj0jL/a3S+dhKWm9WDo/lqjQTu+jC
0FAN1hGkN9HVqypySfXN2u4ztnjxYcR5DVMBzIvCXe+qDlEYcf7iWgA3uzNVu6De
vFtoF/4Co0sn4deS2F4gJGLadrzxoxQjB1LP8rgnwy9XmRuMxSqozeXZp8U6Zn5v
/udBB/5b4tZhrDz0loyEsSsp0XjRbU5ky/SXOCjyk7M/pRVTWi41xwZNP7597ju5
vEXSmh9f0KT3k+80z5gXFnTd9MDk3KN1VGoIPx91SnpYejBRL/64hG7LyZVr29TP
umRSF0nX3MwwM4WQIR/LRLias92S5wnqa28japo+WAYZ3j4fdZ1jatd7C9RFHvif
JI84wdVChM5UPbK/v2pnjDqIgAffJ38hni0G9paskQwaVd0rpMk=
=ZvdT
-----END PGP SIGNATURE-----



  • [IT-SecNots] [SECURITY] [DSA 5928-1] libvpx security update, Salvatore Bonaccorso, 28.05.2025

Archiv bereitgestellt durch MHonArc 2.6.19+.

Seitenanfang