Summary: | media-sound/rhythmbox: .pls DoS (CVE-2008-7185) | ||||||
---|---|---|---|---|---|---|---|
Product: | Gentoo Security | Reporter: | Alex Legler (RETIRED) <a3li> | ||||
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> | ||||
Status: | RESOLVED FIXED | ||||||
Severity: | minor | CC: | gnome, gstreamer | ||||
Priority: | High | ||||||
Version: | unspecified | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | B3 [noglsa] | ||||||
Package list: | Runtime testing required: | --- | |||||
Attachments: |
|
Description
Alex Legler (RETIRED)
2009-09-10 09:35:10 UTC
The affected function has been removed two months before the vulnerability report: http://git.gnome.org/cgit/rhythmbox/commit/?id=5d8c34c60b6d89c209da2afc3fd2bc62211785e6 It is still in 0.11.5, but not in 0.11.6. Can someone try to reproduce with our stable versions? Created attachment 227533 [details]
ddos-test.pls
due to a lack of known bad file I had to rely on a random try.
0.12.* seems to be fine with the attache pls file. Vulnerable versions are not in the tree anymore. GLSA Vote: no. GLSA Vote: no -> Closing. Feel free to reopen if you disagree. |