CVE-2008-7185 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-7185): GNOME Rhythmbox 0.11.5 allows remote attackers to cause a denial of service (segmentation fault and crash) via a playlist (.pls) file with a long Title field, possibly related to the g_hash_table_lookup function in b-playlist-manager.c.
The affected function was removed two months before the vulnerability report (http://git.gnome.org/cgit/rhythmbox/commit/?id=5d8c34c60b6d89c209da2afc3fd2bc62211785e6). It is still in 0.11.5, but not in 0.11.6. Can someone try to reproduce with our stable versions?
Created attachment 227533: ddos-test.pls. Due to the lack of a known bad file, I had to rely on a random try.
0.12.* seems to be fine with the attached pls file.
Vulnerable versions are not in the tree anymore. GLSA Vote: no.
GLSA Vote: no -> Closing. Feel free to reopen if you disagree.