Bug#: 58733
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Thierry Carrez (RETIRED) <koon@gentoo.org>

Description:   Opened: 2004-07-29 01:32 0000
From Fedora Core 1 advisory :

----------------------------------
Updated sox packages that fix buffer overflows in the WAV file handling code are now available.

Buffer overflows existed in the parsing of WAV file header fields. It was possible that a malicious WAV file could have caused arbitrary code to be executed when the file was played or converted.
----------------------------------

This is CAN-2004-0557.
Patch available at http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=128158

------- Comment #1 From Thierry Carrez (RETIRED) 2004-07-29 01:34:55 0000 -------
sound team : please apply fix and bump

------- Comment #2 From Chris White (RETIRED) 2004-07-29 02:19:15 0000 -------
Bumped to -r2 with patch.

Kept stable keywords as the patch is trivial and would not cause
stability to be hindered in any way.

------- Comment #3 From Sune Kloppenborg Jeppesen 2004-07-29 05:59:50 0000 -------
GLSA drafted : security please review

------- Comment #4 From Jeremy Huddleston (RETIRED) 2004-07-29 11:03:11 0000 -------
Thanks Chris.

I agree with him that it is trivial and we don't need to ask the archs to rekeyword this version, but alpha has keyworded 12.17.3-r3 but was removed from 12.7.4-r1.

Alpha, please test 12.7.4-r2 on your arch.

------- Comment #5 From Thierry Carrez (RETIRED) 2004-07-30 08:02:17 0000 -------
GLSA 200407-23
alpha : please remember to mark stable to benefit from the GLSA

------- Comment #6 From Bryan Østergaard (RETIRED) 2004-07-30 11:25:07 0000 -------
Stable on alpha - sorry about the delay.

------- Comment #7 From Luke Macken (RETIRED) 2004-10-13 16:09:51 0000 -------
*** Bug 67482 has been marked as a duplicate of this bug. ***
