From ${URL} :
A remote code execution vulnerability in silk/NLSF_stabilize.c in libopus could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing.
Upstream patch: https://github.com/xiph/opus/commit/79e8f527b0344b0897a65be35e77f7885bd99409
References: https://source.android.com/security/bulletin/2017-01-01.html
@maintainer(s): since the fixed package is already in the tree, please let us know if it is ready for the stabilization or not.
@sec, you can proceed with stabilising opus-1.1.3-r1
commit fedc905f2f73265c4108e2a4b359846d10dee66d
Author: David Seifert <soap@gentoo.org>
Date:   Fri Jan 20 19:53:40 2017 +0100
    media-libs/opus: Add patch for CVE-2017-0381
    Gentoo-bug: 605894
@ Arches, please test and mark stable: =media-libs/opus-1.1.3-r1
Stable on alpha.
Stable for HPPA PPC64.
amd64 stable
x86 stable
ppc stable
sparc stable
ia64 stable
arm stable, all arches done.
New GLSA request filed. @ Maintainer(s): Please clean up and drop <media-libs/opus-1.1.3-r1!
This issue was resolved and addressed in GLSA 201702-21 at https://security.gentoo.org/glsa/201702-21 by GLSA coordinator Thomas Deutschmann (whissi).
Re-opening for cleanup. @ Maintainer(s): Please clean up and drop <media-libs/opus-1.1.3-r1!
tree is clean.