From ${URL} :

Description

A vulnerability has been reported in mpg123, which can be exploited by malicious people to potentially compromise a user's system.

The vulnerability is caused due to an error when decoding MP3 files and can be exploited to cause a heap-based buffer overflow.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in versions prior to 1.18.0.

Solution:
Update to version 1.18.0.

Provided and/or discovered by:
PAN Myautsai in a bug report.

Original Advisory:
http://mpg123.org/cgi-bin/news.cgi

@maintainer(s): since the fixed package is already in the tree, please let us know if it is ready for the stabilization or not.
> @maintainer(s): since the fixed package is already in the tree, please let
> us know if it is ready for the stabilization or not.

Sure, go ahead.
Arches, please test and mark stable =media-sound/mpg123-1.18.1

Target keywords: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
(In reply to Sergey Popov from comment #2)
> Arches, please test and mark stable =media-sound/mpg123-1.18.1
Target keywords: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
Stable for HPPA.
amd64 stable
x86 stable
alpha stable
arm stable
ia64 stable
ppc64 stable
ppc stable
sparc stable.

Maintainer(s), please clean up.
Security, please add it to the existing request, or file a new one.
Arches, thank you for your work.
Maintainer(s), please drop the vulnerable version.

New GLSA Request filed.
Cleanup done.
This issue was resolved and addressed in GLSA 201502-01 at http://security.gentoo.org/glsa/glsa-201502-01.xml by GLSA coordinator Mikle Kolyada (Zlogene).