Summary: | <media-libs/audiofile-0.3.6-r4: multiple vulnerabilities (CVE-2018-{13440,17095}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | D'juan McDonald (domhnall) <flopwiki> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | gnome, sound |
Priority: | Normal | Flags: | nattka: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: | media-libs/audiofile-0.3.6-r4 | ||
Runtime testing required: | --- |
Bug Depends on: | 614046 | ||
Bug Blocks: |
Description
D'juan McDonald (domhnall)
2019-06-10 03:44:32 UTC
CVE-2018-17095 seems a duplicate of CVE-2017-6836

@maintainer(s), please include the useful patches available at: https://sources.debian.org/patches/audiofile/0.3.6-5/

This will be most of them provided they're not already applied, including but not limited to the relevant CVE patches (tagged as such).

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f2bb2dc35eccffb4adbcc7f4057b6e2ea458d1b8

commit f2bb2dc35eccffb4adbcc7f4057b6e2ea458d1b8
Author:     John Helmert III <jchelmert3@posteo.net>
AuthorDate: 2020-07-19 18:28:17 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2020-07-19 18:28:17 +0000

    media-libs/audiofile: Add security patches

    Dropping the system-gtest patch is necessary to make the tests run, as
    mentioned here: https://bugs.gentoo.org/680482#c8

    The three closed bugs are reported test failures fixed by dropping the
    aforementioned patch and a slight repair of src_test.

    Because we're not using system gtest anymore, we can drop the test
    dependency on dev-cpp/gtest, and by extension the IUSE=test boilerplate.

    Bug: https://bugs.gentoo.org/614046
    Bug: https://bugs.gentoo.org/687766
    Closes: https://bugs.gentoo.org/680482
    Closes: https://bugs.gentoo.org/715192
    Closes: https://bugs.gentoo.org/720836
    Package-Manager: Portage-2.3.100, Repoman-2.3.22
    Signed-off-by: John Helmert III <jchelmert3@posteo.net>
    Closes: https://github.com/gentoo/gentoo/pull/16141
    Signed-off-by: Sam James <sam@gentoo.org>

 media-libs/audiofile/audiofile-0.3.6-r4.ebuild     |  55 +++
 .../files/audiofile-0.3.6-CVE-2017-68xx.patch      | 379 +++++++++++++++++++++
 ...ofile-0.3.6-CVE-2018-13440-CVE-2018-17095.patch |  82 +++++
 3 files changed, 516 insertions(+)

HPPA was missed. depends on bug has it... whoops.

GLSA Vote: no

dropped to ~hppa

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=99c6a8c3924a9938c21a05f0498046c3e73c50c8

commit 99c6a8c3924a9938c21a05f0498046c3e73c50c8
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2020-07-29 00:19:22 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2020-07-29 00:19:37 +0000

    media-libs/audiofile: security cleanup

    Bug: https://bugs.gentoo.org/687766
    Bug: https://bugs.gentoo.org/614046
    Package-Manager: Portage-3.0.1, Repoman-2.3.23
    Signed-off-by: Sam James <sam@gentoo.org>

 media-libs/audiofile/audiofile-0.3.6-r3.ebuild | 50 --------------------------
 1 file changed, 50 deletions(-)