tag name | libvdpau-1.1.1 (6410719c17ac1e0095bcc5d035cf969650ef2814) |
tag date | 2015-08-31 14:29:34 -0700 |
tagged by | Aaron Plattner <aplattner@nvidia.com> |
tagged object | commit af517f56d6... |
libvdpau versions 1.1 and earlier, when used in setuid or setgid applications,
contain vulnerabilities related to environment variable handling that could
allow an attacker to execute arbitrary code or overwrite arbitrary files. See
CVE-2015-5198, CVE-2015-5199, and CVE-2015-5200 for more details.
This release uses the secure_getenv() function, when available, to fix these
problems. On platforms where secure_getenv() is not available, libvdpau will use
a fallback implementation.
If you use the NVIDIA .run installer packages, please see
https://devtalk.nvidia.com/default/topic/873035 for additional information.
This release also adds tracing of HEVC picture structures to libvdpau_trace.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABCAAGBQJV5MdaAAoJEBvvPYQBpohhz7AP/RTHc938ke4U6j96nYJKZ2Vk
Clc9bqublgcY9OwPE5tdfoTXHdrYChiit3JCAOctrOZ+NL04qXYPmpJ9O+XlaUsB
6r2/qeVFMus0TXA5xjkjulWw3mgd6m4wztU+GLOfUzZ8g1NYsaUzV6jBpqNa+Bvx
DzA1BJ7Jqe/Xk+7/FXc66Q1SAHuMlTieutcpPZr7tSV8TnNxmDDlAH30qogoAeCv
1KXNxrpEgID21DJkIL2Z+cmdkfsBb2sz3K63t0dHXyO6hnxPAM+4t+7MBPCMP3aV
jiThrIJutz9hLoZJ5E/NdRZjMEHBmy8u1hanlw6E950gP0eDrSgxrtZ37KkrVGTk
7qqlztMNINR9fiVjd35q4JPFUntbimHqDeAVvb0sJA8hTpFnAn9KiThrAlEHEDsf
wuvwBQN0X/HxOLQZmGQnVPB2KjTHjnCVxDfB3gv7GJLt21YBN9YVB1x6CIPY4ABH
pIoDFslzA7J/OzIN9E6201VGkqkAO7o56urHiztjvtq67oCW4UkUE63VmbGVXrBd
lmljmioVxOBleYl2idAHk8vD4VoqKFGZ0SJCux9StZ2tCr0KKnGtRZpWWRgx0ew6
um+bOtI2XCZYr0BFUG7KukE8hsF4Ji0tEbYsgSjFbC7U5HlR58t2QMN9OemZsVH/
bpvbvXZw6P8DWcp7OPY3
=h2rY
-----END PGP SIGNATURE-----