Summary: | media-libs/libao:memory corruption vulnerability | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Christopher Díaz Riveros (RETIRED) <chrisadr> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED INVALID | ||
Severity: | minor | CC: | ajak, fordfrog, sound |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://seclists.org/fulldisclosure/2017/Jul/84 | ||
Whiteboard: | B3 [ebuild cve] | ||
Package list: | Runtime testing required: | --- |
Description
Christopher Díaz Riveros (RETIRED)
2017-07-31 13:04:49 UTC
Maintainer(s), RedHat has addressed this bug with version #: libao-1.2.0-13.fc28 Our version in tree is Version: 1.2.2, please confirm if our current version has this fix in it. I can't reproduce. Debian maintainer also isn't sure that this is actually an issue in libao. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870608 i can't reproduce it: $ mpg321-mpg123 libao_1.2.0_memory_corruption.mp3 High Performance MPEG 1.0/2.0/2.5 Audio Player for Layer 1, 2, and 3. Version 0.3.2-1 (2012/03/25). Written and copyrights by Joe Drew, now maintained by Nanakos Chrysostomos and others. Uses code from various people. See 'README' for more! THIS SOFTWARE COMES WITH ABSOLUTELY NO WARRANTY! USE AT YOUR OWN RISK! Illegal bit allocation value Playing MPEG stream from libao_1.2.0_memory_corruption.mp3 ... MPEG 1.0 layer III, 192 kbit/s, 44100 Hz mono [0:00] Decoding of libao_1.2.0_memory_corruption.mp3 finished. $ equery list libao * Searching for libao ... [IP-] [ ] media-libs/libao-1.2.2-r1:0 so i suppose you can proceed. Let's close as invalid then. Thanks for the second opinion! |