Summary: | media-libs/flac < 1.2.1 Media File Processing Integer Overflow Vulnerabilities (CVE-2007-4619) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Tobias Heinlein (RETIRED) <keytoaster> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | sound |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://secunia.com/advisories/27210/ | ||
Whiteboard: | B2 [glsa] | ||
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 190900, 191277, 191278, 191283, 191286, 191292 | ||
Bug Blocks: | ||
Description
Tobias Heinlein (RETIRED)
2007-10-13 13:42:04 UTC
Sound, please check whether our latest stable version is also affected.

sound, assuming our current stable is also vulnerable, how do we proceed? Is 1.2.1* ok to go stable or should we try to fix to 1.1.X ?

We are stabilizing 1.2.1 but because it has a TEXT RELOCATION patch from PaX Team to go with I _strongly_ advise _every_ arch team to test both encoding and decoding properly. This version is API/ABI compatible with 1.1.4 which was going stable anyway so you _need_ to do bugs depending on this bug first, and yes, that means also _entire_ gstreamer with plugins.

*** Bug 191280 has been marked as a duplicate of this bug. ***

Should have mentioned, it's media-libs/flac-1.2.1-r1

x86 stable

amd64 stable

Why was RESTRICT=test added?

Stable for HPPA and SPARC.

(In reply to comment #8)
> Why was RESTRICT=test added?
>

Temporary measure, drac is gonna find the problems and report upstream.

Sparc is not stable because reverse dependencies (which this bug depends on) aren't resolved yet.

20:27 <+CIA-29> jer * gentoo-x86/media-libs/flac/ (ChangeLog flac-1.2.1-r1.ebuild):
20:27 <+CIA-29> Reverting sparc stabilisation due to reverse dependencies I cannot test.

alpha/ia64 stable, thanks Tobias

ppc64 stable

ppc stable

sparc stable, this is ready for glsa

request filed.

GLSA 200711-15