From Fedora Core 1 advisory :
----------------------------------
Updated sox packages that fix buffer overflows in the WAV file handling code are now available.
Buffer overflows existed in the parsing of WAV file header fields. It was possible that a malicious WAV file could have caused arbitrary code to be executed when the file was played or converted.
----------------------------------
This is CAN-2004-0557.
Patch available at http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=128158
sound team : please apply fix and bump
Bumped to -r2 with patch. Kept stable keywords as the patch is trivial and would not cause stability to be hindered in any way.
GLSA drafted : security please review
Thanks Chris. I agree with him that it is trivial and we don't need to ask the archs to rekeyword this version, but alpha has keyworded 12.17.3-r3 but was removed from 12.7.4-r1. Alpha, please test 12.7.4-r2 on your arch.
GLSA 200407-23
alpha : please remember to mark stable to benefit from the GLSA
Stable on alpha - sorry about the delay.
*** Bug 67482 has been marked as a duplicate of this bug. ***