Summary: | media-sound/mpg321: format string vulnerability (CVE-2003-0969) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Tavis Ormandy (RETIRED) <taviso> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | sound |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | All | ||
Whiteboard: | B2 [glsa] jaervosz | ||
Package list: | Runtime testing required: | --- |
Description
Tavis Ormandy (RETIRED)
2005-03-20 10:51:18 UTC
media-sound/mpg123 is also affected by this issue. oops, no it isnt..disregard that. CVE-2003-0969 The only difference between mpg321-0.2.10-r1 (currently KEYWORDS="amd64 x86 ~ppc sparc mips alpha ppc64") and mpg321-0.2.10-r2 (currently KEYWORDS="-* ~ppc-macos") is the addition of a patch from freebsd which is "obviously correct", it fixes this security issue and looks like it fixes a couple of fd leaks. -r2 should be ready for arch stabilisation. Arches, for mpg321-0.2.10-r2: amd64 x86 sparc mips alpha ppc64: please test and mark stable ppc: please test and mark ~ppc Ccing sound team, in case it wants to test and mark stable a few arches by itself Stable on sparc. stable on amd64 and x86 Stable on ppc. Stable on alpha. stable on ppc64 GLSA 200503-34 Stable on mips. |