Summary: | media-libs/faad2 < 2.6.1-r2: heap overflow in the frontend (CVE-2008-4201) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Alexis Ballier <aballier> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | normal | CC: | sound |
Priority: | High | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | B2 [glsa] | | |
Package list: | | Runtime testing required: | --- |
Description
Alexis Ballier
2008-09-23 06:21:09 UTC
Created attachment 166174
main_overflow.diff
Make the thing apply cleanly.
+*faad2-2.6.1-r2 (23 Sep 2008) + + 23 Sep 2008; Peter Alfredsen <loki_val@gentoo.org> + +files/faad2-2.6.1-main-overflow.patch, +faad2-2.6.1-r2.ebuild: + Security bump w/ patch from bug 238445 +

Arches, please test and mark stable media-libs/faad2-2.6.1-r2. Target keywords: "alpha amd64 ~arm hppa ia64 ~mips ppc ppc64 ~sh sparc x86 ~x86-fbsd"

amd64 stable

Stable for HPPA.

Sparc stable for -2.6.1-r2.

CVE-2008-4201 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4201): Heap-based buffer overflow in the decodeMP4file function (frontend/main.c) in FAAD2 before 2.6.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file.

ppc64 stable

alpha/ia64/x86 stable

ppc stable

GLSA request filed.

GLSA 200811-03, thanks everyone, sorry about the delay.
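
Review bot: the description line of the ChangeLog hunk above, "Security bump w/ patch from bug 238445", identifies the fix only by bug number. Consider also stating what the patch corrects (this report's summary gives it as a heap overflow in the frontend) so the entry is understandable without opening the bug.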