Summary: | <media-sound/mp3gain-1.6.2: Buffer overflow in ReadMP3APETag (CVE-2019-18359) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | ajak, chainsaw, sound |
Priority: | Normal | Flags: | nattka: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B3 [noglsa cve cleanup] | ||
Package list: | media-sound/mp3gain-1.6.2 | ||
Runtime testing required: | --- |
Description
GLSAMaker/CVETool Bot
2020-04-17 20:38:29 UTC
@maintainer(s), please bump the ebuild

(In reply to Sam James (sec padawan) from comment #1)
> @maintainer(s), please bump the ebuild

Doesn't look like there's a release upstream since 1.6.2, nor has upstream addressed this issue.

openSUSE has a patch: https://build.opensuse.org/package/view_file/openSUSE:Factory/mp3gain/0001-fix-security-bugs.patch

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=36f8689f7903548f5d89827a6e7bdf70a9882cee

commit 36f8689f7903548f5d89827a6e7bdf70a9882cee
Author: Sam James <sam@gentoo.org>
AuthorDate: 2020-08-03 05:11:12 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2020-08-03 05:12:45 +0000

media-sound/mp3gain: bump to 1.6.2 (+ CVE patch)

Bump to 1.6.2, which includes an upstreamed patch for a previous CVE, and include openSUSE's patch for CVE-2019-18359 (and others).

Bug: https://bugs.gentoo.org/717940
Package-Manager: Portage-3.0.1, Repoman-2.3.23
Signed-off-by: Sam James <sam@gentoo.org>

 media-sound/mp3gain/Manifest | 1 +
 .../files/mp3gain-1.6.2-CVE-2019-18359-plus.patch | 183 +++++++++++++++++++++
 media-sound/mp3gain/mp3gain-1.6.2.ebuild | 33 ++++
 3 files changed, 217 insertions(+)

sparc done

amd64 stable

x86 stable.

Maintainer(s), please cleanup.
Security, please vote.

GLSA vote: no

The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=78ad7877efb30b4599320e7f81a15cb2527acdfe

commit 78ad7877efb30b4599320e7f81a15cb2527acdfe
Author: Sam James <sam@gentoo.org>
AuthorDate: 2020-08-29 00:26:26 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2020-08-29 00:26:26 +0000

media-sound/mp3gain: security cleanup

Closes: https://bugs.gentoo.org/717940
Package-Manager: Portage-3.0.4, Repoman-3.0.1
Signed-off-by: Sam James <sam@gentoo.org>

 media-sound/mp3gain/Manifest | 1 -
 .../files/mp3gain-1.6.1-CVE-2017-12911.patch | 77 ----------------------
 media-sound/mp3gain/mp3gain-1.6.1.ebuild | 34 ----------
 3 files changed, 112 deletions(-)