Summary: <media-libs/libvorbis-1.2.3 vorbis_book_decodevv_add() arbitrary code execution (CVE-2009-2663)
Product: Gentoo Security
Reporter: Robert Buchholz (RETIRED) <rbu>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: major
CC: sound
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: https://bugzilla.mozilla.org/show_bug.cgi?id=500254
Whiteboard: A2 [glsa]
Package list:
Runtime testing required: ---

Description
Robert Buchholz (RETIRED)
2009-08-06 19:47:51 UTC
Created attachment 200418 [details, diff]
0001-First-half-of-fix-for-Mozilla-BZ-500254.patch
Created attachment 200419 [details, diff]
0002-Second-half-of-fix-to-Mozilla-BZ-5000254-sanity-chec.patch
These are in 1.2.3. I verified by checking the code line by line. It can go stable.

Thanks for the fast check ;-)
Arches, please test and mark stable:
=media-libs/libvorbis-1.2.3
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sh sparc x86"

media-libs/fmod (both slots) bundle a libvorbis interface; whether this is libVorbis itself, tremor or nothing at all I cannot tell (since it's proprietary closed source).

x86 stable

ppc64 done

Stable for HPPA.

Stable on alpha.

amd64 stable

arm/ia64/sh/sparc stable

ppc stable

GLSA request filed.

GLSA 200909-02