Bug 375125 (CVE-2011-2696)

Comment 1 Tim Sammut (RETIRED) 2011-08-18 23:38:26 UTC

Thanks, Alexis. Are we ready to stabilize =media-libs/libsndfile-1.0.25?

Comment 2 Tony Vroon (RETIRED) 2011-09-07 08:54:49 UTC

Sound herd approves; please CC arches and proceed with stabilisation.

Comment 3 Agostino Sarubbo 2011-09-07 09:00:19 UTC

Thanks Tony.

Arches, please test and mark stable:

=media-libs/libsndfile-1.0.25
target KEYWORDS : "alpha amd64 arm hppa	ia64 ppc ppc64 sh sparc	x86"

Comment 4 Agostino Sarubbo 2011-09-07 09:02:38 UTC

amd64 ok

Comment 5 Tony Vroon (RETIRED) 2011-09-07 09:04:23 UTC

+  07 Sep 2011; Tony Vroon <chainsaw@gentoo.org> libsndfile-1.0.25.ebuild:
+  Marked stable on AMD64 based on arch testing by Agostino "ago" Sarubbo in
+  security bug #375125 filed by Alexis Ballier.

Comment 6 Jeff (JD) Horelick (RETIRED) 2011-09-07 21:27:50 UTC

Archtested on x86: Everything fine

Comment 7 Jeroen Roovers (RETIRED) 2011-09-09 14:55:57 UTC

Stable for HPPA.

(In reply to comment #6)
> Archtested on x86: Everything fine

+1

Comment 9 Markus Meier 2011-09-11 09:23:27 UTC

arm/x86 stable, thanks JD and Myckel

Comment 10 Raúl Porcel (RETIRED) 2011-09-11 17:26:37 UTC

alpha/ia64/sh/sparc stable

Comment 11 Kacper Kowalik (Xarthisius) (RETIRED) 2011-09-12 14:45:14 UTC

ppc/ppc64 stable, last arch done

Comment 12 Tim Sammut (RETIRED) 2011-09-12 15:11:23 UTC

Thanks, everyone. GLSA request filed.

Comment 13 GLSAMaker/CVETool Bot 2011-10-07 22:40:39 UTC

CVE-2011-2696 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2696):
  Integer overflow in libsndfile before 1.0.25 allows remote attackers to
  cause a denial of service (application crash) or possibly execute arbitrary
  code via a crafted PARIS Audio Format (PAF) file that triggers a heap-based
  buffer overflow.

Comment 14 GLSAMaker/CVETool Bot 2013-12-17 11:52:46 UTC

This issue was resolved and addressed in
 GLSA 201312-14 at http://security.gentoo.org/glsa/glsa-201312-14.xml
by GLSA coordinator Sergey Popov (pinkbyte).