Some vulnerabilities have been reported in FLAC, which can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused due to integer overflow errors in various components when processing FLAC media files and can be exploited to cause heap-based buffer overflows via specially-crafted FLAC media files. Successful exploitation allows execution of arbitrary code. The vulnerabilities are reported in version 1.2.0. Prior versions and other applications using the vulnerable library may also be affected. Solution: Update to version 1.2.1.
Sound, please check whether our latest stable version is also affected.
sound, assuming our current stable is also vulnerable, how do we proceed? Is 1.2.1* ok to go stable or should we try to fix to 1.1.X ?
We are stabilizing 1.2.1 but because it has a TEXT RELOCATION patch from PaX Team to go with I _strongly_ advice _every_ arch team to test both encoding and decoding properly. This version is API/ABI compatible with 1.1.4 which was going stable anyway so you _need_ to do bugs depending on this bug first, and yes, that means also _entire_ gstreamer with plugins.
*** Bug 191280 has been marked as a duplicate of this bug. ***
Should have mention, it's media-libs/flac-1.2.1-r1
x86 stable
amd64 stable
Why was RESTRICT=test added?
Stable for HPPA and SPARC.
(In reply to comment #8) > Why was RESTRICT=test added? > Temporary measure, drac is gonna find the problems and report upstream.
Sparc is not stable because reverse dependencies (which this bug depends on) aren't resolved yet. 20:27 <+CIA-29> jer * gentoo-x86/media-libs/flac/ (ChangeLog flac-1.2.1-r1.ebuild): 20:27 <+CIA-29> Reverting sparc stabilisation due to reverse dependencies I cannot test.
alpha/ia64 stable, thanks Tobias
ppc64 stable
ppc stable
sparc stable, this is ready for glsa
request filed.
GLSA 200711-15
