First Last Prev Next    No search results available      Search page      Enter new bug
Bug#: 217373
Alias:
Product:
Component:
Status: RESOLVED
Resolution: WONTFIX
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Alexis Ballier <aballier@gentoo.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 217373 depends on: 217715 Show dependency tree
Bug 217373 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2008-04-12 10:13 0000 
New in this release
-------------------

This is a bug fix release, containing the following changes:

        * Fixed bounds checking of mode in speex header. relates to:
          http://www.ocert.org/advisories/ocert-2008-2.html
        * Fixed bug preventing device dialog being reopened when
          closed via the window manager.


This is related to bug #216499

I have no idea if this is exploitable or anything, but the code change is
exactly the same as in libfishsound.

------- Comment #1 From Matthias Geerdsen 2008-04-12 14:41:05 0000 ------- 
thanks for the bug/ebuild

arches, please test and mark stable

------- Comment #2 From Matthias Geerdsen 2008-04-12 15:31:02 0000 ------- 
second try... this time even using the "Add Archs" button

so please test media-sound/sweep-0.9.3 and mark stable if possible

------- Comment #3 From Tobias Scherbaum 2008-04-12 18:19:48 0000 ------- 
ppc stable

------- Comment #4 From Markus Rothe 2008-04-13 12:51:32 0000 ------- 
ppc64 stable

------- Comment #5 From Raúl Porcel 2008-04-13 16:28:53 0000 ------- 
sparc/x86 stable

------- Comment #6 From Jesse Adelman 2008-04-13 20:51:45 0000 ------- 
Hrm... Is my error below related to this bug? I've been getting this for a few
days, and I've cleared /usr/portage and http-replicator's cache, with the same
result. Thanks.

---
>>> Emerging (1 of 3) media-sound/sweep-0.9.3 to /
>>> Downloading 'http://gentoo.arcticnetwork.ca/source/distfiles/sweep-0.9.3.tar.gz'
--13:49:20-- 
http://gentoo.arcticnetwork.ca/source/distfiles/sweep-0.9.3.tar.gz
           => `/usr/portage/distfiles/sweep-0.9.3.tar.gz'
Connecting to 192.168.1.55:8081... connected.
Proxy request sent, awaiting response... 200 OK
Length: 1,248,948 (1.2M) [application/x-gzip]

100%[====================================>] 1,248,948    544.90K/s             

13:49:23 (543.37 KB/s) - `/usr/portage/distfiles/sweep-0.9.3.tar.gz' saved
[1248948/1248948]

 * checking ebuild checksums ;-) ...                                      [ ok
]
 * checking auxfile checksums ;-) ...                                     [ ok
]
 * checking miscfile checksums ;-) ...                                    [ ok
]
 * checking sweep-0.9.3.tar.gz ;-) ...                                    [ !!
]

!!! Digest verification failed:
!!! /usr/portage/distfiles/sweep-0.9.3.tar.gz
!!! Reason: Filesize does not match recorded size
!!! Got: 1248948
!!! Expected: 19869
fuji ~ #

------- Comment #7 From Robert Buchholz 2008-04-13 22:35:20 0000 ------- 
(In reply to comment #6)
> Hrm... Is my error below related to this bug? I've been getting this for a few
> days, and I've cleared /usr/portage and http-replicator's cache, with the same
> result. Thanks.

Yes, it is related. It seems the DIST entry got corrupted in one commit. I
resurrected it from before, please emerge --sync and retry.

------- Comment #8 From Markus Meier 2008-04-14 20:17:16 0000 ------- 
amd64 stable, last arch.

------- Comment #9 From Robert Buchholz 2008-04-14 20:43:54 0000 ------- 
reassigning to correct category

------- Comment #10 From Robert Buchholz 2008-04-17 12:16:18 0000 ------- 
speex has been sent as GLSA 200804-17, this also fixes this bug.

------- Comment #11 From Peter Volkov 2008-04-21 08:13:11 0000 ------- 
Fixed in release snapshot.
First Last Prev Next    No search results available      Search page      Enter new bug