| Summary: | media-sound/mpg123: find_next_file overflows linetmp buffer | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Sascha Silbe <sascha-gentoo-bugzilla> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | sound |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | All | | |
| Whiteboard: | B2 [glsa] koon | | |
| Package list: | | Runtime testing required: | --- |
Description
Sascha Silbe
2004-12-16 14:51:58 UTC
Created attachment 46169
8.list from advisory
sound herd, pls verify/advise

setting to upstream as no patch seems to be available yet

http://secunia.com/advisories/13511/

CAN-2004-0982 also needs fixing... and upstream is dead.... ugg... I'll get on this
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0982

CAN-2004-0982 was fixed... nevermind...

fixed in cvs... adding archs

I'm getting a SEGV on ppc and x86 when running the test described
/usr/bin/mpg123 -s --list ~/bug74692-9.list >/dev/null

that's expected... mpg123 is crap in general, so the easiest way around this was to just segfault on entries >1023 characters rather than overflow.

PowerPC done.

Stable on alpha.

hppa/ia64 stable

stable on ppc64

GLSA 200412-22 (thx SeJo for the draft)

mips should mark stable to benefit from GLSA

Stable on mips.
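The thread settles on crashing for list entries longer than 1023 characters instead of overflowing the buffer. As an added example (not mpg123's code and not the Gentoo patch), the reader below shows the other bounded option: reject an overlong entry and carry on with the next line. `read_entry`, `demo` and `ENTRY_MAX` are hypothetical names; only the `linetmp` name and the 1023-character limit come from this bug.

```c
#include <stdio.h>
#include <string.h>

#define ENTRY_MAX 1024 /* assumed buffer size: longest accepted entry is 1023 chars */

/* Read one list line into out[outsz] (outsz >= 2).
 * Returns 1 = entry stored, 0 = end of file, -1 = overlong entry skipped. */
static int read_entry(FILE *fp, char *out, size_t outsz)
{
    int c;
    if (fgets(out, (int)outsz, fp) == NULL) return 0;
    size_t len = strlen(out);
    if (len > 0 && out[len - 1] == '\n') {
        out[len - 1] = '\0';
        return 1;
    }
    /* No newline stored: the entry fits only if the line ends right here. */
    c = fgetc(fp);
    if (c == '\n' || c == EOF)
        return 1;
    while ((c = fgetc(fp)) != EOF && c != '\n')
        ; /* drain the rest so the next call starts on a fresh line */
    out[0] = '\0';
    return -1;
}

/* Constructed input: "a.mp3", one entry of n 'A' characters, "b.mp3".
 * Returns the number of rejected entries if want_rejected, else accepted. */
static int demo(size_t n, int want_rejected)
{
    char linetmp[ENTRY_MAX];
    int accepted = 0, rejected = 0, rc;
    FILE *fp = tmpfile();
    if (fp == NULL) return -1;
    fputs("a.mp3\n", fp);
    for (size_t i = 0; i < n; i++)
        fputc('A', fp);
    fputs("\nb.mp3\n", fp);
    rewind(fp);
    while ((rc = read_entry(fp, linetmp, sizeof linetmp)) != 0)
        if (rc < 0) rejected++; else accepted++;
    fclose(fp);
    return want_rejected ? rejected : accepted;
}

int main(void)
{
    printf("1023: %d accepted, 1024: %d rejected\n", demo(1023, 0), demo(1024, 1));
    return 0;
}
```

The boundary case is the one to check: a 1023-character entry fills the buffer exactly, so the reader has to look at the next character before deciding whether the line was too long.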