| Field | Value |
|---|---|
| Summary | media-video/kaffeine buffer overflow (CVE-2006-0051) |
| Product | Gentoo Security |
| Reporter | Sune Kloppenborg Jeppesen (RETIRED) <jaervosz> |
| Component | Vulnerabilities |
| Assignee | Gentoo Security <security> |
| Status | RESOLVED FIXED |
| Severity | normal |
| CC | carlo, flameeyes, halcy0n, propolice, tsunam |
| Priority | High |
| Version | unspecified |
| Hardware | All |
| OS | Linux |
| Whiteboard | B2 [glsa] jaervosz |
| Package list | |
| Runtime testing required | --- |

Description
Sune Kloppenborg Jeppesen (RETIRED)
2006-03-23 09:15:25 UTC
Created attachment 82941 [details, diff]
kaffeine-input-http.patch

CC'ing flameeyes and carlo. Please don't commit anything to Portage yet, instead attach any updated ebuilds to this bug and we'll call arch security liaisons to test.

Created attachment 83042 [details]
kaffeine-0.7.1-r1.ebuild
Take it as -r1 or name it as -r2, this is the ebuild..
Created attachment 83043 [details, diff]
kaffeine-0.7.1-input-http.patch
This patch is needed because the other doesn't apply cleanly on source tarball.

Arch Security Liaisons please test and report back on this bug. Do NOT put anything in Portage at this point.
amd64 -> blubb
ppc -> dertobi123
ppc64 -> corsair
x86 -> halcy0n

FWIW, ~arch is fixed as I've just added version 0.8 that does not seem to use that code anymore.

0.8 works fine on my ppc64 machine. should we go ahead and mark stable? (as it is already in ~arch)

No, 0.8 has too many new features yet to be tested, starting from that ripping interface I don't trust at all. I'd rather add a 0.7.1-r2 if required.

It's 20060403 (UTC) now, what's the status of this?

Sorry about the delay, the 0.7.1 version looks fine for x86

No announcement yet on the main KDE site. Arch Security Liaisons please test and report back.

blubb gave me the ok for amd64 as long as it worked there.

ppc and ppc64?

public now

If anything else is needed from x86, please contact tsunam. I'll be gone until Friday.

stable on ppc64

ppc stable, sorry for the delay

GLSA drafted, Security please review.

Thx everyone. GLSA 200604-04

*** Bug 129390 has been marked as a duplicate of this bug. ***