Summary: | <media-libs/libtheora-1.1.1: Integer overflow (CVE-2009-3389) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Hanno Böck <hanno> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | gentoo, media-video |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3389 | ||
Whiteboard: | A2 [glsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 250723 |
Description
Hanno Böck
2009-12-22 23:33:17 UTC
(In reply to comment #0) > So probably left to do is stabilizing libtheora 1.1.1. This is quite old now, is there any reason it hasn't been done yet? FWIW, I've been using libtheora 1.1.1 for a couple of months now with no problems at all. Sorry about the delay. media-video, can you please ACK this request? (In reply to comment #2) > Sorry about the delay. > > media-video, can you please ACK this request? > There *were* once upon a time some dep issues with ffmpeg/libavcodec, but those have since been resolved. I believe everything else should be okay now. Good, thanks for the fast response. If there are still any issues, I hope the arch teams will find them: Arches, please test and mark stable: =media-libs/libtheora-1.1.1 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sh sparc x86" Stable for HPPA. Stable for PPC. x86 stable, no issues found ppc64 done Stable on amd64 alpha/arm/ia64/sh/sparc stable GLSA request filed. This issue was resolved and addressed in GLSA 201312-04 at http://security.gentoo.org/glsa/glsa-201312-04.xml by GLSA coordinator Chris Reffett (creffett). |