Fedora 28 FEDORA-2019-79cb2bb18e Critical: libmediainfo Buffer Overflow

This package contains the shared library for MediaInfo.

MediaInfo supplies technical and tag information about a video or

audio file.

What information can I get from MediaInfo?

* General: title, author, director, album, track number, date, duration...

* Video: codec, aspect, fps, bitrate...

* Audio: codec, sample rate, channels, language, bitrate...

* Text: language of subtitle

* Chapters: number of chapters, list of chapters

DivX, XviD, H263, H.263, H264, x264, ASP, AVC, iTunes, MPEG-1,

MPEG1, MPEG-2, MPEG2, MPEG-4, MPEG4, MP4, M4A, M4V, QuickTime,

RealVideo, RealAudio, RA, RM, MSMPEG4v1, MSMPEG4v2, MSMPEG4v3,

VOB, DVD, WMA, VMW, ASF, 3GP, 3GPP, 3GP2

What format (container) does MediaInfo support?

* Video: MKV, OGM, AVI, DivX, WMV, QuickTime, Real, MPEG-1,

MPEG-2, MPEG-4, DVD (VOB) (Codecs: DivX, XviD, MSMPEG4, ASP,

H.264, AVC...)

* Audio: OGG, MP3, WAV, RA, AC3, DTS, AAC, M4A, AU, AIFF

* Subtitles: SRT, SSA, ASS, SAMI

Fix CVE-2019-11372

* Mon Apr 22 2019 Vasiliy N. Glazov - 18.12-3

- Fix CVE-2019-11372

* Fri Feb 1 2019 Fedora Release Engineering - 18.12-2

- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild

* Thu Dec 13 2018 Vasiliy N. Glazov - 18.12-1

- Update to 18.12

* Tue Nov 27 2018 Igor Gnatenko - 18.08.1-2

- Rebuild for tinyxml2 7.x

* Tue Sep 11 2018 Vasiliy N. Glazov - 18.08.1-1

- Update to 18.08.1

* Mon Sep 3 2018 Vasiliy N. Glazov - 18.08-1

- Update to 18.08

* Fri Jul 13 2018 Fedora Release Engineering - 18.05-2

- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild

* Thu May 10 2018 Vasiliy N. Glazov - 18.05-1

- Update to 18.05

[ 1 ] Bug #1701849 - CVE-2019-11372 CVE-2019-11373 libmediainfo: various flaws [epel-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1701849

[ 2 ] Bug #1701847 - CVE-2019-11372 CVE-2019-11373 libmediainfo: various flaws [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1701847

su -c 'dnf upgrade --advisory FEDORA-2019-79cb2bb18e' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/