Summary: | <media-libs/libmad-0.15.1b-r9: multiple vulnerabilities (CVE-2017-{8372,8373,8374}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | nobrowser, sound |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | A4 [noglsa cve] | ||
Package list: |
media-libs/libmad-0.15.1b-r9
|
Runtime testing required: | --- |
Description
Agostino Sarubbo
2017-05-09 18:31:38 UTC
Debian seems to use patch https://sources.debian.net/src/libmad/0.15.1b-8/debian/patches/frame_length.diff/ for all the reported vulnerabilities. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a877b25c4d29e1e60df8af384725e83c093fa734 commit a877b25c4d29e1e60df8af384725e83c093fa734 Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2018-10-03 20:48:42 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2018-10-03 21:11:27 +0000 media-libs/libmad: Fix vulnerabilities, EAPI-7 bump Debian does it, so let's use it too. Bug: https://bugs.gentoo.org/618022 Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org> Package-Manager: Portage-2.3.50, Repoman-2.3.11 ...CVE-2017-8372_CVE-2017-8373_CVE-2017-8374.patch | 197 +++++++++++++++++++++ media-libs/libmad/libmad-0.15.1b-r9.ebuild | 80 +++++++++ 2 files changed, 277 insertions(+) ia64 stable x86 stable amd64 stable ppc/ppc64 stable hppa stable Stable on alpha. arm stable The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e128741cd6e2f3e753c76a2d0b69847044686a7b commit e128741cd6e2f3e753c76a2d0b69847044686a7b Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2018-11-04 22:49:51 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2018-11-04 22:50:43 +0000 media-libs/libmad: Security cleanup Bug: https://bugs.gentoo.org/618022 Package-Manager: Portage-2.3.51, Repoman-2.3.12 Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org> media-libs/libmad/libmad-0.15.1b-r8.ebuild | 76 ------------------------------ 1 file changed, 76 deletions(-) sparc stable tree is clean. |