Register | Log in

liblivemedia

Choose email to subscribe with

general

source: liblivemedia (main)
version: 2018.11.26-1.1
maintainer: Debian Multimedia Maintainers (archive) (DMD)
uploaders: Sebastian Ramacher [DMD] – Christophe Mutricy [DMD] – Sam Hocevar (Debian packages) [DMD] – Reinhard Tartler [DMD]
arch: any
std-ver: 4.2.1
VCS: Git (Browse)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2016.11.28-1+deb9u2
o-o-sec: 2016.11.28-1+deb9u2
oldstable: 2018.11.26-1.1

versioned links

2016.11.28-1+deb9u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2018.11.26-1.1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libbasicusageenvironment1
libgroupsock8
liblivemedia-dev
liblivemedia64
libusageenvironment3
livemedia-utils

package is gone

This package is not in any development repository. This probably means that the package has been removed (or has been renamed). Thus the information here is of little interest ... the package is going to disappear unless someone takes it over and reintroduces it.

action needed

9 low-priority security issues in buster low

There are 9 open security issues in buster.

4 issues left for the package maintainer to handle:

CVE-2019-15232: (postponed; to be fixed through a stable update) Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and Matroska file demultiplexors.
CVE-2019-7733: (needs triaging) In Live555 0.95, there is a buffer overflow via a large integer in a Content-Length HTTP header because handleRequestBytes has an unrestricted memmove.
CVE-2020-24027: (needs triaging) In Live Networks, Inc., liblivemedia version 20200625, there is a potential buffer overflow bug in the server handling of a RTSP "PLAY" command, when the command specifies seeking by absolute time.
CVE-2021-28899: (needs triaging) Vulnerability in the AC3AudioFileServerMediaSubsession, ADTSAudioFileServerMediaSubsession, and AMRAudioFileServerMediaSubsessionLive OnDemandServerMediaSubsession subclasses in Networks LIVE555 Streaming Media before 2021.3.16.

You can find information about how to handle these issues in the security team's documentation.

5 ignored issues:

CVE-2021-38380: Live555 through 1.08 mishandles huge requests for the same MP3 stream, leading to recursion and s stack-based buffer over-read. An attacker can leverage this to launch a DoS attack.
CVE-2021-38381: Live555 through 1.08 does not handle MPEG-1 or 2 files properly. Sending two successive RTSP SETUP commands for the same track causes a Use-After-Free and daemon crash.
CVE-2021-38382: Live555 through 1.08 does not handle Matroska and Ogg files properly. Sending two successive RTSP SETUP commands for the same track causes a Use-After-Free and daemon crash.
CVE-2021-39282: Live555 through 1.08 has a memory leak in AC3AudioStreamParser for AC3 files.
CVE-2021-39283: liveMedia/FramedSource.cpp in Live555 through 1.08 allows an assertion failure and application exit via multiple SETUP and PLAY commands.

Created: 2021-02-19 Last update: 2021-09-23 17:00

news

[2021-02-02] liblivemedia REMOVED from testing (Debian testing watch)
[2021-02-01] Removed 2020.01.19-1 from unstable (Debian FTP Masters)
[2020-01-27] liblivemedia 2020.01.19-1 MIGRATED to testing (Debian testing watch)
[2020-01-21] Accepted liblivemedia 2020.01.19-1 (source) into unstable (Sebastian Ramacher)
[2020-01-19] Accepted liblivemedia 2020.01.11-1 (amd64 source) into experimental, experimental (Sebastian Ramacher)
[2020-01-05] liblivemedia 2019.10.11-2 MIGRATED to testing (Debian testing watch)
[2019-12-31] Accepted liblivemedia 2019.10.11-2 (source) into unstable (Sebastian Ramacher)
[2019-12-27] Accepted liblivemedia 2019.10.11-1 (amd64 source) into experimental, experimental (Sebastian Ramacher)
[2019-12-27] Accepted liblivemedia 2019.09.30-1 (amd64 source) into experimental, experimental (Sebastian Ramacher)
[2019-12-27] Accepted liblivemedia 2019.08.28-1 (amd64 source) into experimental, experimental (Sebastian Ramacher)
[2019-12-27] Accepted liblivemedia 2019.08.16-1 (amd64 source) into experimental, experimental (Sebastian Ramacher)
[2019-12-27] Accepted liblivemedia 2019.07.27-1 (amd64 source) into experimental, experimental (Sebastian Ramacher)
[2019-12-27] Accepted liblivemedia 2019.06.28-1 (amd64 source) into experimental, experimental (Sebastian Ramacher)
[2019-12-27] Accepted liblivemedia 2019.05.12-1 (amd64 source) into experimental, experimental (Sebastian Ramacher)
[2019-12-27] Accepted liblivemedia 2019.04.24-1 (amd64 source) into experimental, experimental (Sebastian Ramacher)
[2019-12-27] Accepted liblivemedia 2019.03.06-1 (amd64 source) into experimental, experimental (Sebastian Ramacher)
[2019-05-11] liblivemedia 2018.11.26-1.1 MIGRATED to testing (Debian testing watch)
[2019-05-06] Accepted liblivemedia 2018.11.26-1.1 (source amd64) into unstable (Hugo Lefeuvre)
[2019-03-29] Accepted liblivemedia 2016.11.28-1+deb9u2 (source amd64) into proposed-updates->stable-new, proposed-updates (Hugo Lefeuvre)
[2019-03-18] Accepted liblivemedia 2014.01.13-1+deb8u3 (source amd64) into oldstable (Hugo Lefeuvre)
[2019-03-17] Accepted liblivemedia 2016.11.28-1+deb9u2 (source amd64) into stable->embargoed, stable (Hugo Lefeuvre)
[2019-03-03] Accepted liblivemedia 2019.02.27-1 (source) into experimental (Sebastian Ramacher)
[2019-02-26] Accepted liblivemedia 2014.01.13-1+deb8u2 (source amd64) into oldstable (Hugo Lefeuvre)
[2019-02-04] Accepted liblivemedia 2019.02.03-1 (amd64 source) into experimental, experimental (Sebastian Ramacher)
[2018-12-04] liblivemedia 2018.11.26-1 MIGRATED to testing (Debian testing watch)
[2018-11-28] Accepted liblivemedia 2018.11.26-1 (source) into unstable (Sebastian Ramacher)
[2018-11-23] Accepted liblivemedia 2016.11.28-1+deb9u1 (source amd64) into proposed-updates->stable-new, proposed-updates (Hugo Lefeuvre)
[2018-11-23] Accepted liblivemedia 2016.11.28-1+deb9u1 (source amd64) into stable->embargoed, stable (Hugo Lefeuvre)
[2018-11-20] Accepted liblivemedia 2014.01.13-1+deb8u1 (source amd64) into oldstable (Hugo Lefeuvre)
[2018-10-23] liblivemedia 2018.10.17-1 MIGRATED to testing (Debian testing watch)

1
2

bugs [bug history graph]

all: 0

links

homepage
buildd: logs, clang, cross
popcon
browse source code
edit tags
other distros
security tracker

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing