| Summary: | <media-sound/mp3gain-1.6.1: Multiple vulnerabilities | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | chain, chainsaw, drmccoy, gentoo-bugs, ppc64, ppc, sound, treecleaner |
| Priority: | Normal | Flags: | stable-bot: sanity-check+ |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| See Also: | https://bugs.gentoo.org/show_bug.cgi?id=630954 | | |
| Whiteboard: | B3 [noglsa cve] | | |
| Package list: | media-sound/mp3gain-1.6.1 | | |
| Runtime testing required: | --- | | |

Description
GLSAMaker/CVETool Bot
2017-10-27 00:52:06 UTC
the latter is a write issue which I had a way to see.

Upstream fixed CVE-2017-12911 last month. It was a blocker for the 1.6.2 release. I'll ping them about CVE-2017-12912 soon as Sourceforge cooperates with me accessing my account.

[master ace29cb9d332] media-sound/mp3gain: Bump (#630954), fix CVE-2017-12911 (#635548)
3 files changed, 112 insertions(+)
create mode 100644 media-sound/mp3gain/files/mp3gain-1.6.1-CVE-2017-12911.patch
create mode 100644 media-sound/mp3gain/mp3gain-1.6.1.ebuild

For the CVE-2017-12912 I couldn't find any fix :/ but I guess we can stabilize this version meantime

I am not sure if maybe clone this bug to cover the remaining security issue in the future :/

Anyway, for now we can stabilize 1.6.1

(In reply to Pacho Ramos from comment #4)
> I am not sure if maybe clone this bug to cover the remaining security issue
> in the future :/
>
> Anyway, for now we can stabilize 1.6.1

I think we can proceed to stabilize and address the other CVE with another stable call in this bug.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5162ff386be42cbfaadbb0bfa40aa41308c5b4ae

commit 5162ff386be42cbfaadbb0bfa40aa41308c5b4ae
Author: Aaron Bauman <bman@gentoo.org>
AuthorDate: 2018-04-21 23:18:27 +0000
Commit: Aaron Bauman <bman@gentoo.org>
CommitDate: 2018-04-21 23:18:27 +0000

media-sound/mp3gain: amd64 stable wrt bug #635548

Bug: https://bugs.gentoo.org/635548
Package-Manager: Portage-2.3.31, Repoman-2.3.9

media-sound/mp3gain/mp3gain-1.6.1.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

x86 stable

hppa stable

alpha stable

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c1fd2a3efff669160051b646a1bd48c419be2fdd

commit c1fd2a3efff669160051b646a1bd48c419be2fdd
Author: Rolf Eike Beer <eike@sf-mail.de>
AuthorDate: 2018-05-08 18:20:17 +0000
Commit: Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-05-08 18:42:40 +0000

media-sound/mp3gain: stable 1.6.1 for sparc

Bug: https://bugs.gentoo.org/635548
Package-Manager: Portage-2.3.24, Repoman-2.3.6
RepoMan-Options: --include-arches="sparc"

media-sound/mp3gain/mp3gain-1.6.1.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

looks like ppc/ppc64 keywords were dropped. Moving on.

GLSA Vote: No

Tree is clean.