Summary: | media-libs/libid3tag <0.15.1b-r2 Infinite loop (CVE-2008-2109) | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Product: | Gentoo Security | Reporter: | Viktor Ashirov <viktor> | ||||||||
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> | ||||||||
Status: | RESOLVED FIXED | ||||||||||
Severity: | minor | CC: | bugzilla, sound, tester | ||||||||
Priority: | High | ||||||||||
Version: | unspecified | ||||||||||
Hardware: | All | ||||||||||
OS: | Linux | ||||||||||
Whiteboard: | B3? [glsa] | ||||||||||
Package list: | Runtime testing required: | --- | |||||||||
Attachments: |
|
Description
Viktor Ashirov
2008-02-18 08:07:10 UTC
Created attachment 143858 [details, diff]
libid3tag-0.15.1b-fix_overflow.patch
Created attachment 143859 [details]
strace madplay
Created attachment 143861 [details]
mp3 file for testing
Security team please advise.. libid3tag-0.15.1b-r1 has this patch and more.. I guess the security guys don't care? WeI should probably wait 30 days anyway since I added a lot of patches. (In reply to comment #5) > libid3tag-0.15.1b-r1 has this patch and more.. I guess the security guys don't > care? WeI should probably wait 30 days anyway since I added a lot of patches. We do care, thank you for bugging again. Which of the patches you added is the fix for this bug (because I failed to find the patch attached here in CVS)? Also, considering this is a security bug, I'd rather fix it sooner than later. We could agree on a five day testing period, if you like. I'm an idiot, I forgot to add the patch for this bug, anyway, its in now. (In reply to comment #7) > I'm an idiot, I forgot to add the patch for this bug, anyway, its in now. We need to revbump this then, to make sure everyone who upgraded to 0.15.1b-r1 is safe from the issue. bumped Arches, please test and mark stable: =media-libs/libid3tag-0.15.1b-r2 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 release sh sparc x86" Stable for HPPA. amd64/x86 stable alpha/ia64/sparc stable ppc stable ppc64 stable CVE-2008-2109 Time for GLSA decision. This seems to be a client only application, so this would be a client DoS => voting NO. media-sound/mt-daapd uses this library. Also, the infinite loop will eat up all memory, it does not only crash the player. I rather tend for a yes here. Fixed in release snapshot. (In reply to comment #18) > media-sound/mt-daapd uses this library. Also, the infinite loop will eat up all > memory, it does not only crash the player. I rather tend for a yes here. > ok, changing my vote. GLSA request filed. GLSA 200805-15 |