---
- branch: MAIN
  date: Sun Oct 25 09:44:10 UTC 2015
  files:
  - new: '1.39'
    old: '1.38'
    path: pkgsrc/devel/libebml/Makefile
    pathrev: pkgsrc/devel/libebml/Makefile@1.39
    type: modified
  - new: '1.25'
    old: '1.24'
    path: pkgsrc/devel/libebml/distinfo
    pathrev: pkgsrc/devel/libebml/distinfo@1.25
    type: modified
  id: 20151025T094410Z.20f76b14a2a8c0b55f830c9264c76d766c1a1db3
  log: |
    Update libebml to 1.3.3:

            * Released v1.3.3.

            * EbmlMaster::Read(): When the parser encountered a deeply nested
            element with an infinite size then a following element of an upper
            level was not propagated correctly. Instead the element with the
            infinite size was added into the EBML element tree a second time
            resulting in memory access after freeing it and multiple attempts
            to free the same memory address during destruction. Fixes the
            issue reported as Cisco TALOS-CAN-0037.

            * EbmlElement::ReadCodedSizeValue(): Fixed an invalid memory
            access. When reading a EBML variable length integer value a read
            access beyond the end of the available buffer was possible if
            fewer bytes were available than indicated by the first byte
            resulting in a heap information leak.

            * EbmlUnicodeString::UpdateFromUTF8(): Fixed an invalid memory
            access. When reading from a UTF-8 string in which the length
            indicated by a UTF-8 character's first byte exceeds the string's
            actual number of bytes the parser would access beyond the end of
            the string resulting in a heap information leak. Fixes the issue
            reported as Cisco TALOS-CAN-0036.
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/devel/libebml'
  unixtime: '1445766250'
  user: wiz