[Cellar] MKVToolNix v28.2.0 released
Moritz Bunkus <moritz@bunkus.org> Thu, 25 October 2018 21:29 UTC
Return-Path: <moritz@bunkus.org>
X-Original-To: cellar@ietfa.amsl.com
Delivered-To: cellar@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3EAC0130DFB for <cellar@ietfa.amsl.com>; Thu, 25 Oct 2018 14:29:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=bunkus.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tdGlvivnyiAX for <cellar@ietfa.amsl.com>; Thu, 25 Oct 2018 14:29:25 -0700 (PDT)
Received: from adara.bunkus.org (adara.bunkus.org [144.76.6.84]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5EF88130E02 for <cellar@ietf.org>; Thu, 25 Oct 2018 14:29:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=bunkus.org; s=mail2018100901; h=Content-Transfer-Encoding:Content-Type:MIME-Version:Message-ID:Date:Subject:To:From; bh=tWMqvFtp6HXYCY8/VICR4LsCFqSh6okIg1CLWGo4B4g=; b=nBE1Ss+flAjFsinVhnjt5BwioykJFB8erJZ9uiK2U5YIvEYpZaycG4j5YEH0sEB4ZOKq2rYRZ7F3VrTXYuvztlI43rSS4gKFaXaA9BSHbDZdyLhQlCpm9uYB8KIVYi04j+Ll8gYKMS1OfLGVRbR4kCnqg37ivkk1f3ag1lMqlvs=;
Received: from liselle.bunkus.org ([2a01:4f8:190:8147::105:1]:48850) by adara.bunkus.org with esmtps (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256) (Exim 4.82_1-5b7a7c0-XX) (envelope-from <moritz@bunkus.org>) id 1gFnBy-000724-02; Thu, 25 Oct 2018 23:29:22 +0200
Received: from sweet-chili.local (unknown [192.168.191.4]) by liselle.bunkus.org (Postfix) with ESMTPS id 7A9BA654019D; Thu, 25 Oct 2018 23:29:15 +0200 (CEST)
Received: from sweet-chili (localhost [IPv6:::1]) by sweet-chili.local (Postfix) with ESMTP id E9E1E4BCEB77; Thu, 25 Oct 2018 23:29:14 +0200 (CEST)
User-agent: mu4e 1.0; emacs 26.1
From: Moritz Bunkus <moritz@bunkus.org>
To: help Questions <matroska-users@lists.matroska.org>, Cellar list <cellar@ietf.org>
Date: Thu, 25 Oct 2018 23:29:14 +0200
Message-ID: <87va5pn2ad.fsf@bunkus.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/cellar/ZCoRxvbcOpV-w_Yui-gDE7dCh-8>
Subject: [Cellar] MKVToolNix v28.2.0 released
X-BeenThere: cellar@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Codec Encoding for LossLess Archiving and Realtime transmission <cellar.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cellar>, <mailto:cellar-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cellar/>
List-Post: <mailto:cellar@ietf.org>
List-Help: <mailto:cellar-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cellar>, <mailto:cellar-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Oct 2018 21:29:27 -0000
Hey, unfortunately I have to release a third time within a week: this time due to a use-after-free bug in all programs that make up the MKVToolNix package. This type of vulnerability allows arbitrary code execution using specially crafted Matroska files. It was introduced in v5.5.0 and affects all following releases up to and including the latest one, v28.1.0. Hence today's bug fix release. Here are the usual links: …to the source code: https://mkvtoolnix.download/source.html …to the binaries: https://mkvtoolnix.download/downloads.html The Windows and macOS binaries as well as the Linux AppImage are available already. The other Linux binaries are still being built and will be available of the course of the next couple of hours. Here are the NEWS since the previous release: ------------------------------------------------------------ # Version 28.2.0 "The Awakening" 2018-10-25 ## Bug fixes * mkvmerge, mkvinfo, mkvextract, mkvpropedit, MKVToolNix GUI's info tool & chapter editor: fixed a case of memory being accessed after it had been freed earlier. This can be triggered by specially crafted Matroska files and lead to arbitrary code execution. The vulnerability was reported as Cisco TALOS 2018-0694 on 2018-10-25. ------------------------------------------------------------ Have fun :) mosu
- [Cellar] MKVToolNix v28.2.0 released Moritz Bunkus