Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 341567 (CVE-2010-3349)

Summary: <media-sound/ardour-2.8.11-r1: Insecure Library Loading Arbitrary Code Execution Vulnerability (CVE-2010-3349)
Product: Gentoo Security Reporter: Tim Sammut (RETIRED) <underling>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: proaudio
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://www.securityfocus.com/bid/44106/info
Whiteboard: ~3 [noglsa]
Package list:
Runtime testing required: ---

Description Tim Sammut (RETIRED) gentoo-dev 2010-10-18 02:42:09 UTC 
From $URL:

Ardour is prone to a vulnerability that lets attackers execute arbitrary code.

A successful exploit can allow the attacker to execute arbitrary code in the context of the user running the affected application.

Ardour 2.8.11 is vulnerable; other versions may also be affected. 


The Debian bug is significantly more useful:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598283
Comment 1 Tim Harder gentoo-dev 2011-04-30 19:54:34 UTC 
Fixed in 2.8.11-r1 in CVS.
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2011-04-30 22:33:33 UTC 
(In reply to comment #1)
> Fixed in 2.8.11-r1 in CVS.

Great, thank you. Closing noglsa as this is stable on zero arches.