
Bug 217602

Summary: media-libs/sdl-sound <1.0.1-r2 speex implementation insufficient boundary checks
Product: Gentoo Security Reporter: Matthias Geerdsen (RETIRED) <vorlon>
Component: Vulnerabilities Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: games, ssuominen
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B2 [ebuild]
Package list:
Runtime testing required: ---
Bug Depends on: 217715    
Bug Blocks:    

Description Matthias Geerdsen (RETIRED) gentoo-dev 2008-04-14 09:09:04 UTC
This issue appears to be only semi-public at the moment, so let's keep this restricted, as has been asked for, until it is fully public

sdl-sound appears to include vulnerable speex code

see http://www.ocert.org/advisories/ocert-2008-2.html
as well as bug 216499 and bug 217373 for similar issues

patch can be found at http://svn.icculus.org/SDL_sound/trunk/decoders/speex.c?r1=536&r2=537&pathrev=537
Comment 1 Matthias Geerdsen (RETIRED) gentoo-dev 2008-04-14 10:05:00 UTC
vapier, as member of games, could you prepare an ebuild?

this should be handled as a semi-public bug until the issue is fully public by means of a new release or an announcement
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2008-04-14 16:56:08 UTC
adding vapier as cc
Comment 3 Robert Buchholz (RETIRED) gentoo-dev 2008-04-14 22:25:18 UTC
This does not need to be fixed if we enable the workaround in libspeex, which
is bug 217715.
Comment 4 SpanKY gentoo-dev 2008-04-15 01:15:50 UTC
just going with the speex fix sounds fine to me
Comment 5 Matthias Geerdsen (RETIRED) gentoo-dev 2008-04-17 09:42:28 UTC
now public via http://www.ocert.org/advisories/ocert-2008-004.html
Comment 6 Matthias Geerdsen (RETIRED) gentoo-dev 2008-04-17 10:15:26 UTC
This will be fixed with the speex update in bug 217715, keeping open until the
GLSA has been released.
Comment 7 Robert Buchholz (RETIRED) gentoo-dev 2008-04-17 12:16:55 UTC
speex has been sent as GLSA 200804-17, this also fixes this bug.