| Summary: | media-libs/libcdaudio <0.99.12-1: remotely exploitable buffer overflow (CVE-2008-5030) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Stefan Behte (RETIRED) <craig> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | sound |
| Priority: | High | Keywords: | STABLEREQ |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | B2 [glsa] | | |
| Package list: | | Runtime testing required: | --- |
Description
Stefan Behte (RETIRED)
2008-11-05 12:14:06 UTC
In CVS as libcdaudio-0.99.12-r1

Arches, please test and mark stable
=media-libs/libcdaudio-0.99.12-r1
Target keywords: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86

I'm re-rating this as B2 as it most likely requires user interaction (i.e. the user has to open a malicious URL or file)

ppc64 done

Stable for HPPA.

amd64/x86 stable
btw please note:
dodoc: ChangLog does not exist
>>> Completed installing libcdaudio-0.99.12-r1 into /var/tmp/portage/media-libs/libcdaudio-0.99.12-r1/image/
alpha/arm/ia64/sparc stable

ppc stable

CVE-2008-5030 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5030): Heap-based buffer overflow in the cddb_read_disc_data function in cddb.c in libcdaudio 0.99.12p2 allows remote CDDB servers to execute arbitrary code via long CDDB data.

GLSA 200903-31