-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 14 Mar 2019 09:25:20 +0100 Source: liblivemedia Binary: liblivemedia-dev libbasicusageenvironment1 libgroupsock8 liblivemedia57 libusageenvironment3 livemedia-utils Architecture: source amd64 Version: 2016.11.28-1+deb9u2 Distribution: stretch-security Urgency: high Maintainer: Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org> Changed-By: Hugo Lefeuvre <hle@debian.org> Description: libbasicusageenvironment1 - multimedia RTSP streaming library (BasicUsageEnvironment class) libgroupsock8 - multimedia RTSP streaming library (network interfaces and sockets liblivemedia-dev - multimedia RTSP streaming library (development files) liblivemedia57 - multimedia RTSP streaming library libusageenvironment3 - multimedia RTSP streaming library (UsageEnvironment classes) livemedia-utils - multimedia RTSP streaming tools Changes: liblivemedia (2016.11.28-1+deb9u2) stretch-security; urgency=high . * Non-maintainer upload by the Security Team. * CVE-2019-6256: denial of service when processing get and post with identical x-session-cookie within the same tcp session. * CVE-2019-7314: use-after-free during RTSP stream termination. * CVE-2019-9215: malformed headers lead to invalid memory access in the parseAuthorizationHeader function. Checksums-Sha1: e0da027b2ed3632f7e9b884a8bca91b5ccccb07a 2185 liblivemedia_2016.11.28-1+deb9u2.dsc 6df30a0c20c973e4f7f0dd1030a863fb6329cd7a 626781 liblivemedia_2016.11.28.orig.tar.gz 4f3c1be9fc06dc03d5b40129bfbfec133ffb4779 15200 liblivemedia_2016.11.28-1+deb9u2.debian.tar.xz d942b55f27e4b609b54bc43073ea48b29038e651 41508 libbasicusageenvironment1-dbgsym_2016.11.28-1+deb9u2_amd64.deb 8e2f0e7843e0c4df7fc945b19dcc6f75de9d9140 21792 libbasicusageenvironment1_2016.11.28-1+deb9u2_amd64.deb 531f93df51a431006b80fa110d30c458d261c2a7 63818 libgroupsock8-dbgsym_2016.11.28-1+deb9u2_amd64.deb f5f910439b454303fdddc074a3f11ec1592e3957 27350 libgroupsock8_2016.11.28-1+deb9u2_amd64.deb 273fbc9009a580df9c258d6a63522145585d4bf9 164698 liblivemedia-dev_2016.11.28-1+deb9u2_amd64.deb d2fe87e6f3f13337e6468585d06516fe1b67ea75 950014 liblivemedia57-dbgsym_2016.11.28-1+deb9u2_amd64.deb 1956cd8733886e372a54215deebb10682593b2aa 310490 liblivemedia57_2016.11.28-1+deb9u2_amd64.deb a610aed35c74b8641467bff014d6898653896258 8765 liblivemedia_2016.11.28-1+deb9u2_amd64.buildinfo 608067172457619c6588266c65edeaf216de788a 9596 libusageenvironment3-dbgsym_2016.11.28-1+deb9u2_amd64.deb c44b3b7bb668d251ce80e88ebb416d7c12bd030c 12576 libusageenvironment3_2016.11.28-1+deb9u2_amd64.deb b786b2523fb6c372799356501ea4cd91e2d47129 277152 livemedia-utils-dbgsym_2016.11.28-1+deb9u2_amd64.deb 53b682167866bfd5d520b0bb8ef628017d441e4d 71942 livemedia-utils_2016.11.28-1+deb9u2_amd64.deb Checksums-Sha256: 06bdf21874508ebd750277a5954b3a1330c669ed3adbea454dbb2787fa44d835 2185 liblivemedia_2016.11.28-1+deb9u2.dsc 08b93a20bc302bed1da2f05621f37fda962dbfc272132afa6fa1058d222c238a 626781 liblivemedia_2016.11.28.orig.tar.gz 2558bbc93721d8f4306064e818a6f522e6a2cc93c0957d4c1bf2b6eb836892da 15200 liblivemedia_2016.11.28-1+deb9u2.debian.tar.xz af674740cc9f1fd9b481ef60a31a8e7514784ea231b9182e84783abdb8487b56 41508 libbasicusageenvironment1-dbgsym_2016.11.28-1+deb9u2_amd64.deb ada471be06ad598ef7837c78812e7c6ec2357d4fd7a0038900a132d25dc71179 21792 libbasicusageenvironment1_2016.11.28-1+deb9u2_amd64.deb a47df6ad62edcdac6bed3bd1aa592b6306c3a9b688e81dd8f10538346fa658eb 63818 libgroupsock8-dbgsym_2016.11.28-1+deb9u2_amd64.deb d555d2425185748769234a6a77bef0f38bef2d9575bf39fe1fc48d6ce2d8f603 27350 libgroupsock8_2016.11.28-1+deb9u2_amd64.deb f20fdae70e8ccd66db40e204ce00ee3d21db1c7ed3f62f7fc899554fcaa4587f 164698 liblivemedia-dev_2016.11.28-1+deb9u2_amd64.deb 77211478e410d867deff539a0828fa1a95eb8566f509c623637a28f69542e4f8 950014 liblivemedia57-dbgsym_2016.11.28-1+deb9u2_amd64.deb 52f1518266b5d6f16715d02b2c857ff04d64edd084304f84713a16f955814247 310490 liblivemedia57_2016.11.28-1+deb9u2_amd64.deb fe765ffbd4d3841c4b5e3941221dbd7a1dcca2065af4ceb027f6a0eb9b65166c 8765 liblivemedia_2016.11.28-1+deb9u2_amd64.buildinfo 4e0d9cdd6dd6132534331d3d063d5f81142902a65ba47e2514213a6b18efb338 9596 libusageenvironment3-dbgsym_2016.11.28-1+deb9u2_amd64.deb e972d3b33b2701dc63adb59d9259884071d66e358fef57917cf9e7e0dff00c0f 12576 libusageenvironment3_2016.11.28-1+deb9u2_amd64.deb fd1e6db2a9a9931dfac2fd11b29c057e3f4e314821749a7a555e0e480cfcc447 277152 livemedia-utils-dbgsym_2016.11.28-1+deb9u2_amd64.deb e63da401a01f02460271053a654ec17080471e78f1c84630261e2866301bba36 71942 livemedia-utils_2016.11.28-1+deb9u2_amd64.deb Files: cfbfb4758108c242c1b491ca377cc43a 2185 libs optional liblivemedia_2016.11.28-1+deb9u2.dsc 60dcc25f77364f40d630dbd6ab354ea0 626781 libs optional liblivemedia_2016.11.28.orig.tar.gz 0df92e22e49d81a0c7bacdbd0107317c 15200 libs optional liblivemedia_2016.11.28-1+deb9u2.debian.tar.xz d439abfe3ba17d14de86c1ffe39cfbea 41508 debug extra libbasicusageenvironment1-dbgsym_2016.11.28-1+deb9u2_amd64.deb 74576c9cf68750f491157422de1fc4d1 21792 libs optional libbasicusageenvironment1_2016.11.28-1+deb9u2_amd64.deb 1ac87e072c68965ab6f44dd5bf21c910 63818 debug extra libgroupsock8-dbgsym_2016.11.28-1+deb9u2_amd64.deb 46d746b1ae52756a8b687f641018274f 27350 libs optional libgroupsock8_2016.11.28-1+deb9u2_amd64.deb ae2e2c3f304a28a499a232de51d94ce4 164698 libdevel optional liblivemedia-dev_2016.11.28-1+deb9u2_amd64.deb 798423f1f9a041d2640e72b8f4db3a78 950014 debug extra liblivemedia57-dbgsym_2016.11.28-1+deb9u2_amd64.deb 3e7a992a632d956611d9635e43e7c70f 310490 libs optional liblivemedia57_2016.11.28-1+deb9u2_amd64.deb 4cb666422f8074847b6e0bccaf556cb1 8765 libs optional liblivemedia_2016.11.28-1+deb9u2_amd64.buildinfo 2efe090e7f2ac3a05fbf0effd386c76f 9596 debug extra libusageenvironment3-dbgsym_2016.11.28-1+deb9u2_amd64.deb 73bfac093e6921dec8e88b064d3dbb70 12576 libs optional libusageenvironment3_2016.11.28-1+deb9u2_amd64.deb 54df4df579c3db77f47c7caf766bd2fe 277152 debug extra livemedia-utils-dbgsym_2016.11.28-1+deb9u2_amd64.deb a960184eaf6d444f8d26556c402bb5f7 71942 net optional livemedia-utils_2016.11.28-1+deb9u2_amd64.deb -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEUFZhdgIWqBhwqCvuZYVUZx9w0DQFAlyLq3AACgkQZYVUZx9w 0DT4NQf/YsQI1vCVpuDbixx0ucHvDfZ2/0AQxzja7n/TCBcGva6r+gySa1ETPLfD EEcKwio1M6AyyCO8vbpn/BekSS9jj+U775vxg2YqbX/Qmr8C2kV5TqdoNFyIq8tS uqIgzCZzbHE8unjmxaYQSSZAjBJFEnrBFWzPK00srCSOWS6cUcjS/8ic8JpEjIMm MfI6dcnaibs1/nAMn9dIg0/unI+Vthj/pJYCe/VEyLBSHmV69pD00O2jW9HlWsW9 XZlp0T+afgWjiGqypfUv3Uux0eHm69VEZY5m5pI+M48EM6lsXypHYX72zMA4mSR4 m1iRdrkaC0pr/AzxkTMszvP0xpgT3w== =hMxW -----END PGP SIGNATURE-----