Summary: | <media-libs/libmp3splt-0.9.2-r1: denial of service via a crafted file in vorbis_block_clear function | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Aleksandr Wagner (Kivak) <alwag> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | sound |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: |
media-libs/libmp3splt-0.9.2-r1
|
Runtime testing required: | --- |
Bug Depends on: | 682550 | ||
Bug Blocks: |
Description
Aleksandr Wagner (Kivak)
2017-10-09 14:15:21 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c77b4de07de7b74bba15ac1c62332ed2aa2143cb commit c77b4de07de7b74bba15ac1c62332ed2aa2143cb Author: Aaron Bauman <bman@gentoo.org> AuthorDate: 2018-05-05 00:46:54 +0000 Commit: Aaron Bauman <bman@gentoo.org> CommitDate: 2018-05-05 00:46:54 +0000 media-libs/libmp3splt: add CVE-2017-15185 DoS patch Bug: https://bugs.gentoo.org/633840 Package-Manager: Portage-2.3.36, Repoman-2.3.9 media-libs/libmp3splt/files/CVE-2017-15185.patch | 41 +++++++++++++++++++ media-libs/libmp3splt/libmp3splt-0.9.2-r1.ebuild | 52 ++++++++++++++++++++++++ 2 files changed, 93 insertions(+) @arches, please stabilize. x86 stable amd64 stable The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e074fd299e7c7ccad3b66863796cff8ae6260dee commit e074fd299e7c7ccad3b66863796cff8ae6260dee Author: Rolf Eike Beer <eike@sf-mail.de> AuthorDate: 2018-05-08 18:11:27 +0000 Commit: Sergei Trofimovich <slyfox@gentoo.org> CommitDate: 2018-05-08 18:42:38 +0000 media-libs/libmp3splt: stable 0.9.2-r1 for sparc Bug: https://bugs.gentoo.org/633840 Package-Manager: Portage-2.3.24, Repoman-2.3.6 RepoMan-Options: --include-arches="sparc" media-libs/libmp3splt/libmp3splt-0.9.2-r1.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Stable on alpha. @maintainer(s), please clean the vulnerable GLSA Vote: No GLSA Vote: No The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2b7c9e8a1bdfcb92c92ed6d7d5d4211e3823874e commit 2b7c9e8a1bdfcb92c92ed6d7d5d4211e3823874e Author: Aaron Bauman <bman@gentoo.org> AuthorDate: 2018-06-11 15:54:04 +0000 Commit: Aaron Bauman <bman@gentoo.org> CommitDate: 2018-06-11 15:54:04 +0000 media-libs/libmp3splt: drop vulnerable Bug: https://bugs.gentoo.org/633840 Package-Manager: Portage-2.3.40, Repoman-2.3.9 media-libs/libmp3splt/Manifest | 1 - media-libs/libmp3splt/libmp3splt-0.9.1a.ebuild | 50 ------------------------- media-libs/libmp3splt/libmp3splt-0.9.2.ebuild | 51 -------------------------- 3 files changed, 102 deletions(-) re-opened. cleanup is delayed as some other things need fixing... https://qa-reports.gentoo.org/output/gentoo-ci/56de7a4/output.html#media-sound/mp3splt for real this time... |