Have a look at this email from bugtraq: http://www.securityfocus.com/archive/1/439432/30/0/threaded

I'll guess this also affects media-plugins/xmms-adplug

Regards
Alex (eroyf)
Sound, please advise.

The following is a short summary from URL:

The library is affected by various heap and stack overflow vulnerabilities. As intuitable by the types of bugs almost all the unpacking instructions don't verify the size of the destination buffers and trust in the values provided by the same files which are used for allocating the needed buffers (except in the CFF files where it has a fixed size).
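The check that the summary above says is missing, as an added example that is not part of the original report and is not AdPlug code. The file layout, the `MAX_UNPACKED` limit and the function name `unpack_checked` are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAX_UNPACKED 4096u  /* assumed upper bound for this toy format */

/* Constructed toy format, not an AdPlug file format:
 *   bytes 0-1 : declared unpacked size, little-endian
 *   then      : (run length, value) byte pairs
 * Returns a malloc'd buffer of *out_len bytes, or NULL if the file is
 * malformed. */
uint8_t *unpack_checked(const uint8_t *file, size_t file_len, size_t *out_len)
{
    if (file_len < 2) return NULL;
    size_t declared = (size_t)file[0] | ((size_t)file[1] << 8);
    /* The size comes from the file itself, so bound it before allocating. */
    if (declared == 0 || declared > MAX_UNPACKED) return NULL;

    uint8_t *dst = malloc(declared);
    if (!dst) return NULL;

    size_t in = 2, out = 0;
    while (in < file_len) {
        if (file_len - in < 2) goto bad;      /* truncated (run, value) pair */
        size_t run = file[in];
        uint8_t value = file[in + 1];
        in += 2;
        /* Destination check: the run must fit in the space that is left. */
        if (run > declared - out) goto bad;
        memset(dst + out, value, run);
        out += run;
    }
    if (out != declared) goto bad;            /* header and data disagree */
    *out_len = out;
    return dst;
bad:
    free(dst);
    return NULL;
}

/* Constructed sample inputs. */
static const uint8_t good_file[]  = { 0x05, 0x00, 3, 'A', 2, 'B' };
/* Declares 4 bytes, but the second run would write far past them. */
static const uint8_t bad_file[]   = { 0x04, 0x00, 3, 'A', 200, 'B' };
/* Ends in the middle of a (run, value) pair. */
static const uint8_t short_file[] = { 0x03, 0x00, 3 };
```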
According to the website the fix is in the CVS, so I'll wait a few days and see if the upstream releases a new version. If not I'll patch it.
Thx Luis, setting it to upstream status for now.
Arch teams; please mark audacious 1.1.0 stable as it has a patched AdPlug backend. (As it does not use an external AdPlug, we do not have to wait for upstream to release. The necessary patches have been pinched from their CVS and are already applied.)
Handling audacious stable marking on bug #139957.
Ok a couple of days have passed, changing to ebuild status.
(In reply to comment #2)
> according to the website the fix is in the CVS so i'll wait a few days and see
> if the upstream releases a new version. If not i'll patch it.

metalgod, please patch.
Sound, any news on this one?
From what I saw xmms-adplug isn't affected... it's just a plugin. Since the main library is fixed the plugin is fine too. So now we only need to stabilize adplug. Arches please stabilize adplug-2.0.1. And to be more safe stabilize xmms-adplug-1.2 too.
ppc stable
sparc stable.
x86 isn't last, hooray! ^.^
amd64 stable.
This one is ready for GLSA.
(In reply to comment #14)
> This one is ready for GLSA.
>

and this one is done :) GLSA 200609-06