Erik Sjölund discovered that abc2ps, a translator for ABC music description files into PostScript, does not check the boundaries when reading in ABC music files, resulting in buffer overflows.
http://www.debian.org/security/2006/dsa-1041
I apologize if this is a dup of a confidential bug.
The patch may be available from Debian sources. Don't have the time to check this atm.
sound team please advise
Can I cry, as Debian patches are always a pita? :| I'll see what I can do in a sec...
Uh wait... is that the same package? Because the URL refers to "abc2ps", while this bug refers to "abcm2ps", and the version numbers are completely different... we don't even have an abc2ps in portage.
(In reply to comment #2)
> sound team please advise

media-sound/abcm2ps-3.7.21 is based on abc2ps version 1.2.5. The Debian patch fixes the unbounded sscanf() calls in abc2ps.c in abc2ps-1.3.3, but abcm2ps-3.7.21 (the one we have in portage) still has unbounded sscanf() calls, so it is vulnerable. As far as I can tell there is no patch for it yet; I'll work on one today.
(In reply to comment #5)
> it is vulnerable.

Actually it isn't. I was looking at the wrong source code, sorry. Upon further inspection I found that abcm2ps only calls sscanf to read strings once and they are both bounded. Sorry for the confusion.
(In reply to comment #6)
> Actually it isn't.

OK. So, resolved+invalid? Sec team, confirm?
invalid then
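The distinction drawn in comments #5 and #6 between unbounded and bounded sscanf() string conversions, as an added example that is not part of the original thread and is not code from abc2ps or abcm2ps. The helper name `parse_title`, the buffer size `FIELD_MAX` and the sample lines are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 32   /* constructed size, not taken from abc2ps/abcm2ps */

/* Unbounded form (the class of call the thread discusses; constructed here,
 * not copied from abc2ps.c):
 *     char buf[FIELD_MAX];
 *     sscanf(line, "T:%s", buf);   -- no field width, so a long token
 *                                     is written past the end of buf
 */

/* Hypothetical helper: copy the text of an ABC "T:" (title) line into out,
 * which must provide FIELD_MAX bytes.
 * Returns 0 on success, -1 if the line is not a non-empty title field,
 * -2 if the title does not fit and the line is rejected. */
int parse_title(const char *line, char *out)
{
    int consumed = 0;

    out[0] = '\0';
    /* %31[^\n] stores at most 31 bytes plus the terminating NUL.
     * The width has to be FIELD_MAX - 1 by hand: sscanf has no way
     * to learn the size of the destination buffer. */
    if (sscanf(line, "T:%31[^\n]%n", out, &consumed) != 1)
        return -1;
    /* Input left over that is not the line end means the conversion
     * stopped at the width limit. Reject instead of truncating silently. */
    if (line[consumed] != '\0' && line[consumed] != '\n') {
        out[0] = '\0';
        return -2;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample input. */
    const char *ok = "T:Speed the Plough\n";
    const char *too_long = "T:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n";
    char title[FIELD_MAX];

    printf("%d \"%s\"\n", parse_title(ok, title), title);
    printf("%d \"%s\"\n", parse_title(too_long, title), title);
    return 0;
}
```

When auditing a code base for this issue, every `%s` or `%[` conversion in a `scanf`-family format string needs a width one less than its destination buffer.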