TEMP-0000000-EDE9DA

NameTEMP-0000000-EDE9DA
DescriptionGHSA-5gf7-wjfm-vmvm: Out-of-bounds bit clears for negative Matroska ReadOrder values
SourceAutomatically generated temporary name. Not for external reference.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libass (PTS)bullseye1:0.15.0-2fixed
bookworm1:0.17.1-1fixed
trixie1:0.17.3-1fixed
sid, forky1:0.17.5-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libasssourcebullseye(not affected)
libasssourcebookworm(not affected)
libasssourcetrixie(not affected)
libasssource(unstable)1:0.17.5-1

Notes

[trixie] - libass <not-affected> (Vulnerable code not present)
[bookworm] - libass <not-affected> (Vulnerable code not present)
[bullseye] - libass <not-affected> (Vulnerable code not present)
https://github.com/libass/libass/security/advisories/GHSA-5gf7-wjfm-vmvm
Introduced with: https://github.com/libass/libass/commit/dcc9eb722ebd485d2ed0e21c261b0a1b05497154 (0.17.4)
Fixed with: https://github.com/libass/libass/commit/23da65a130bb8c5b2cf0c7df0dd7d424607f98f1 (0.17.5)
https://github.com/libass/libass/issues/937

Search for package or bug name: Reporting problems