Bug 58733 - media-sound/sox buffer overflows
Summary: media-sound/sox buffer overflows
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All All
Importance: High normal
Assignee: Gentoo Security
URL: http://cve.mitre.org/cgi-bin/cvename....
Whiteboard: B2 [glsa]
Keywords:
Duplicates: 67482
Depends on:
Blocks:
 
Reported: 2004-07-29 01:32 UTC by Thierry Carrez (RETIRED)
Modified: 2011-10-30 22:39 UTC (History)

See Also:
Package list:
Runtime testing required: ---


Description Thierry Carrez (RETIRED) gentoo-dev 2004-07-29 01:32:15 UTC
From Fedora Core 1 advisory:

----------------------------------
Updated sox packages that fix buffer overflows in the WAV file handling code are now available.

Buffer overflows existed in the parsing of WAV file header fields. It was possible that a malicious WAV file could have caused arbitrary code to be executed when the file was played or converted.
----------------------------------

This is CAN-2004-0557.
Patch available at http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=128158
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2004-07-29 01:34:55 UTC
sound team: please apply fix and bump
Comment 2 Chris White (RETIRED) gentoo-dev 2004-07-29 02:19:15 UTC
Bumped to -r2 with patch.

Kept stable keywords as the patch is trivial and would not cause
stability to be hindered in any way.
Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-07-29 05:59:50 UTC
GLSA drafted: security please review
Comment 4 Jeremy Huddleston (RETIRED) gentoo-dev 2004-07-29 11:03:11 UTC
Thanks Chris.

I agree with him that it is trivial and we don't need to ask the archs to rekeyword this version, but alpha has keyworded 12.17.3-r3 but was removed from 12.7.4-r1.

Alpha, please test 12.7.4-r2 on your arch.
Comment 5 Thierry Carrez (RETIRED) gentoo-dev 2004-07-30 08:02:17 UTC
GLSA 200407-23
alpha: please remember to mark stable to benefit from the GLSA
Comment 6 Bryan Østergaard (RETIRED) gentoo-dev 2004-07-30 11:25:07 UTC
Stable on alpha - sorry about the delay.
Comment 7 Luke Macken (RETIRED) gentoo-dev 2004-10-13 16:09:51 UTC
*** Bug 67482 has been marked as a duplicate of this bug. ***