Have a look at this email from bugtraq:
I'll guess this also effects media-plugins/xmms-adplug
Sound please advise. The following is a short summary from URL:
The library is affected by various heap and stack overflow
As intuitable by the types of bugs almost all the unpacking
instructions don't verify the size of the destination buffers and trust
in the values provided by the same files which are used for allocating
the needed buffers (except in the CFF files where it has a fixed size).
according to the website the fix is in the CVS so i'll wait a few days and see if the upstream releases a new version. If not i'll patch it.
Thx Luis, setting it to upstream status for now.
Arch teams; please mark audacious 1.1.0 stable as it has a patched AdPlug backend. (As it does not use an external AdPlug, we do not have to wait for upstream to release. The necessary patches have been pinched from their CVS and are already applied.)
Handling audacious stable marking on bug #139957.
Ok a couple of days have passed, changing to ebuild status.
(In reply to comment #2)
> according to the website the fix is in the CVS so i'll wait a few days and see
> if the upstream releases a new version. If not i'll patch it.
metalgod, please patch.
Sound, any news on this one?
From what i saw xmms-adplug isn't affected... it's just a plugin. Since the main library is fixed the plugin is fine too.
So now we only need to stablize adplug.
Arches please stablize adplug-2.0.1.
And to be more safe stablize xmms-adplug-1.2 too.
x86 isn't last horray! ^.^
This one is ready for GLSA.
(In reply to comment #14)
> This one is ready for GLSA.
and this one is done :)