Summary: | media-sound/cadence: multiple vulnerabilities | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | CONFIRMED --- | | |
Severity: | minor | CC: | nex+b-g-o, proaudio |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | http://www.openwall.com/lists/oss-security/2023/10/05/4 | | |
Whiteboard: | B3 [upstream/ebuild] | | |
Package list: | | Runtime testing required: | --- |
Description
John Helmert III
2023-11-23 18:16:30 UTC
As the original developer (falktx) abandoned the project, and as Cadence suite is closely related to jackdbus, a2jmidid and ladish, all developed as part of the LADI project, I took initiative to maintain Cadence upstream in the LADI project too. In August 2023, Libera.chat IRC, #lad, I notified the original developer about the adoption in LADI project after he told me about the abandonment.

In particular, the CVE fixing patches are now applied. The version is currently at 1.9.3.

https://gitea.ladish.org/LADI/cadence

I'll do ebuilds for 1.9.3 and later anyway and can contribute them to Gentoo.

Tarballs:
https://dl.ladish.org/cadence/ladi-cadence-1.9.4.tar.xz
https://dl.ladish.org/cadence/ladi-cadence-1.9.4.tar.xz.sig

== ladi-cadence-1.9.4: January 11, 55 (2024)

* Add NEWS.adoc file
* Add AUTHORS.adoc file
* Add MAINTAINERS.adoc file
* Remove vendored unzipfx code along with data/windows/
* Adjust README.md ("is being developed by falktx" => "was developed by falktx")
* Makefile: Add dist target for tarball creation and gpg-signing

== ladi-cadence-1.9.3: January 7, 55 (2024)

* Switch default for /org/ladish/daemon/terminal to xterm (so to match ladish codebase defaults)
  Bug: https://github.com/falkTX/Cadence/issues/361
* First LADI release, after falktx abandoned and archived the codebase
* README.md: Add info about new maintainer (LADI project, Nedko Arnaudov)
* Apply CVEs patches from SuSE, by Matthias Gerstner:
** Patch CVE-2023-43782: Use of Fixed Temporary File Path in /tmp/.cadence-aloop-daemon.x
** Patch CVE-2023-43783: Use of Fixed Temporary File Path in /tmp/cadence-wineasio.reg