Opus 1.0.2 fixes an out-of-bounds read that could be triggered by a malicious Opus packet causing an integer wrap-around in the padding code. Considering that the packet would have to be at least 16 MB in size and that no out-of-bounds write is possible, the severity is very low. Other changes include fixes and improvements to the PLC and hybrid mode quality improvements. As usual, this release is fully compliant with the Opus specification. That might resolve bug 436548 as well. There is also a helper library, opusfile 0.2, which is not yet in Portage and is not used by any package yet. However, I know of at least one package which will depend on it in the future for Opus playback (media-sound/moc). It would be nice to have it in the tree before that.
"Out-of-bounds read" is a security issue, although a low-impact one, so I am reassigning this to security. CVE is requested on oss-security.
CVE assigned. Maintainer, please ack a stable of 1.0.2-r2.
Maintainer timeout. Arches, please stabilize: =media-libs/opus-1.0.2-r2 Target arches: alpha amd64 arm hppa ppc ppc64 x86
Stable for HPPA.
amd64 stable
x86 stable
ppc64 stable
arm stable
ppc stable
alpha stable
Thanks for your work. GLSA vote: no
NO too, thanks everyone.