Bugzilla – Bug 964398
VUL-0: CVE-2015-8792: The KaxInternalBlock::ReadData function in libMatroska leaks ifnormation
Last modified: 2016-03-28 19:54:16 UTC
CVE-2015-8792 The KaxInternalBlock::ReadData function in libMatroska before 1.4.4 allows context-dependent attackers to obtain sensitive information from process heap memory via crafted EBML lacing, which triggers an invalid memory access. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8792 https://github.com/Matroska-Org/libmatroska/commit/0a2d3e3644a7453b6513db2f9bc270f77943573f https://github.com/Matroska-Org/libmatroska/blob/release-1.4.4/ChangeLog
I have stepped down from maintaining libebml, libmatroska and mkvtoolnix in 2009: http://lists.opensuse.org/opensuse-packaging/2009-08/msg00172.html I know nothing about those packages, the only thing I can do is drop them and replace them with an empty package to make sure the vulnerability is solved by uninstalling them.
bugbot adjusting priority
Already fixed in 13.1, 13.2, Leap 42.1 via openSUSE:Maintenance:4501 which was a version update to 1.4.4 for bug 961031