Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 711226 (CVE-2018-19800, CVE-2018-19801, CVE-2018-19802, CVE-2019-1010222, CVE-2019-1010223, CVE-2019-1010224) - <media-libs/aubio-0.4.9: Multiple vulnerabilities (CVE-2018-{1980019801,19802},CVE-2019-{1010222,1010223,1010224})
Summary: <media-libs/aubio-0.4.9: Multiple vulnerabilities (CVE-2018-{1980019801,19802...
Status: RESOLVED FIXED
Alias: CVE-2018-19800, CVE-2018-19801, CVE-2018-19802, CVE-2019-1010222, CVE-2019-1010223, CVE-2019-1010224
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [noglsa cve]
Keywords: CC-ARCHES
Depends on: 692344
Blocks:
  Show dependency tree
 
Reported: 2020-03-01 20:40 UTC by Sam James
Modified: 2020-07-27 20:18 UTC (History)
1 user (show)

See Also:
Package list:
=media-libs/aubio-0.4.9
Runtime testing required: ---
nattka: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-01 20:40:42 UTC
1) CVE-2019-1010223

Description:
"aubio 0.4.8 and earlier is affected by: Buffer Overflow. The impact is: buffer overflow in strcpy. The component is: tempo. The fixed version is: after commit b1559f4c9ce2b304d8d27ffdc7128b6795ca82e5."

URL: https://www.cvedetails.com/cve/CVE-2019-1010223/

2) CVE-2019-1010224

Description:
"aubio 0.4.8 and earlier is affected by: null pointer. The impact is: crash (DoS). The component is: onset. The fixed version is: after commit e4e0861cffbc8d3a53dcd18f9ae85797690d67c7."

URL: https://www.cvedetails.com/cve/CVE-2019-1010224/
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-01 20:42:53 UTC
3) CVE-2019-1010222

Description:
"aubio 0.4.8 and earlier is affected by: null pointer. The impact is: crash. The component is: filterbank. The attack vector is: pass invalid arguments to new_aubio_filterbank. The fixed version is: after commit eda95c9c22b4f0b466ae94c4708765eaae6e709e."

URL: https://www.cvedetails.com/cve/CVE-2019-1010222/
Comment 2 Yury German Gentoo Infrastructure gentoo-dev 2020-05-22 01:23:23 UTC
CVE-2019-1010222
    CVE ID: CVE-2019-1010222
   Summary: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-19801. Reason: This candidate is a reservation duplicate of CVE-2018-19801. Notes: All CVE users should reference CVE-2018-19801 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
 Published: 2019-07-22T18:15:11.000Z
--------------------------------------------------------------------------------
     State: REJECTED
      Bugs:

CVE-2019-1010223
    CVE ID: CVE-2019-1010223
   Summary: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-19800. Reason: This candidate is a reservation duplicate of CVE-2018-19800. Notes: All CVE users should reference CVE-2018-19800 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
 Published: 2019-07-22T18:15:11.000Z
--------------------------------------------------------------------------------
     State: REJECTED
      Bugs:

CVE-2019-1010224
    CVE ID: CVE-2019-1010224
   Summary: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-19802. Reason: This candidate is a reservation duplicate of CVE-2018-19802. Notes: All CVE users should reference CVE-2018-19802 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
 Published: 2019-07-22T18:15:11.000Z
--------------------------------------------------------------------------------
     State: REJECTED
      Bugs:
__________________________

Leaving Rejected CVE's so that able to search, but putting in new proper numbers in as well.
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-06-20 00:46:02 UTC
Masked USE=doc for now for bug 679184. Stabilising...
Comment 4 Thomas Deutschmann (RETIRED) gentoo-dev 2020-06-20 13:49:25 UTC
x86 stable
Comment 5 Agostino Sarubbo gentoo-dev 2020-06-21 17:10:31 UTC
ppc64 stable
Comment 6 Agostino Sarubbo gentoo-dev 2020-06-22 06:59:22 UTC
amd64 stable
Comment 7 Rolf Eike Beer archtester 2020-06-24 17:46:21 UTC
sparc stable
Comment 8 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-06-24 22:33:35 UTC
Please cleanup.
Comment 9 Larry the Git Cow gentoo-dev 2020-07-16 01:06:23 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3fada402b4218b1e0e6e731900d6f889f1939d82

commit 3fada402b4218b1e0e6e731900d6f889f1939d82
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2020-07-16 00:29:08 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2020-07-16 01:01:34 +0000

    media-libs/aubio: security cleanup
    
    Bug: https://bugs.gentoo.org/711226
    Package-Manager: Portage-2.3.99, Repoman-2.3.23
    Signed-off-by: Sam James <sam@gentoo.org>

 media-libs/aubio/Manifest                       |   2 -
 media-libs/aubio/aubio-0.4.7-r1.ebuild          | 123 -----------------------
 media-libs/aubio/aubio-0.4.8.ebuild             | 124 ------------------------
 media-libs/aubio/files/aubio-0.4.8-docdir.patch |  20 ----
 4 files changed, 269 deletions(-)