Summary: | <media-libs/faac-1.29.9.2: multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | asturm |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: |
media-libs/faac-1.29.9.2
|
Runtime testing required: | --- |
Description
GLSAMaker/CVETool Bot
2017-10-27 16:44:14 UTC
@Maintainers could you please confirm if 1.28-r4 is affected? Thank you. probably 1.29.9.2 will fix this It looks like the fixes are definitely included since version 1.29 was released in july last year(!), see here: https://sourceforge.net/p/faac/bugs/208/ And it seems that our current stable version IS vulnerable for at least CVE-2017-9130. I can apply the patch to fix this issue against faac-1.28-r4 source. https://sourceforge.net/p/faac/bugs/_discuss/thread/0940294d/b003/attachment/faac_CVE-2017-9130.patch I would suggest as soon as possible to stabilize latest version 1.29.9.2, I use this version for some time now. PING! 2 more weeks have passed, but nothing has happened here. oh well... Don't cc arches without a package list. ppc/ppc64 stable ia64 stable sparc done. x86 stable amd64 stable arm stable Stable on alpha. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ed8e89fcf98331b1c04751d93284b8f9b0884b35 commit ed8e89fcf98331b1c04751d93284b8f9b0884b35 Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2018-10-02 12:04:16 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2018-10-02 12:11:17 +0000 media-libs/faac: Security cleanup Bug: https://bugs.gentoo.org/635602 Package-Manager: Portage-2.3.50, Repoman-2.3.10 Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org> media-libs/faac/Manifest | 2 - media-libs/faac/faac-1.28-r4.ebuild | 59 --------- media-libs/faac/faac-1.29.8.3.ebuild | 45 ------- media-libs/faac/files/faac-1.28-altivec.patch | 40 ------ .../faac/files/faac-1.28-external-libmp4v2.patch | 47 ------- media-libs/faac/files/faac-1.28-inttypes.patch | 41 ------ .../files/faac-1.28-libmp4v2_r479_compat.patch | 138 --------------------- 7 files changed, 372 deletions(-) |