Summary: | <media-sound/timidity++-2.14.0-r3: multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Christopher Díaz Riveros (RETIRED) <chrisadr> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | asturm |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://seclists.org/fulldisclosure/2017/Jul/83 | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: | media-sound/timidity++-2.14.0-r3 | ||
Runtime testing required: | --- |
Description
Christopher Díaz Riveros (RETIRED)
2017-07-31 13:22:24 UTC
It seems that other distros regard CVE-2017-11549 as notabug:
https://www.mail-archive.com/debian-qa-packages@lists.debian.org/msg56304.html
https://bugzilla.suse.com/show_bug.cgi?id=1081694

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6a87c686d9ac9de5e0e455d15773d11307a73c66

commit 6a87c686d9ac9de5e0e455d15773d11307a73c66
Author: Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2018-08-22 21:56:46 +0000
Commit: Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2018-08-22 22:23:22 +0000

media-sound/timidity++: EAPI-6, CVE-2017-11546, CVE-2017-11547

Bug: https://bugs.gentoo.org/626706
Package-Manager: Portage-2.3.48, Repoman-2.3.10

.../files/timidity++-2.14.0-CVE-2017-11546.patch | 31 ++++
.../files/timidity++-2.14.0-CVE-2017-11547.patch | 67 +++++++
.../files/timidity++-2.14.0-params.patch | 4 +-
...ert-for-required-ctl_speana_data-function.patch | 4 +-
.../files/timidity++-2.14.0-tcltk86.patch | 4 +-
media-sound/timidity++/timidity++-2.14.0-r3.ebuild | 199 +++++++++++++++++++++
6 files changed, 303 insertions(+), 6 deletions(-)

Adding arches for 2.14.0-r3 on the basis that other distributions do not regard CVE-2017-11549 as vulnerability either, and consequently I could not find any patch for that. Security, please decide there.

amd64 stable

Ignoring bug 557072 as it is no regression.

sparc done.

ppc stable

ppc64 stable

x86 stable

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=99790c0b7392f6240be9b93d6210bc9265c8ec13

commit 99790c0b7392f6240be9b93d6210bc9265c8ec13
Author: Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2018-09-15 19:12:56 +0000
Commit: Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2018-09-15 20:04:44 +0000

media-sound/timidity++: Drop vulnerable 2.14.0-r2

Bug: https://bugs.gentoo.org/626706
Package-Manager: Portage-2.3.48, Repoman-2.3.10

media-sound/timidity++/timidity++-2.14.0-r2.ebuild | 185 ---------------------
1 file changed, 185 deletions(-)

arm dropped, sound done.

GLSA Vote: No

Arches and Maintainer(s), Thank you for your work. Closing noglsa.