Bug 217373 - <media-sound/sweep-0.9.3 possible security issue with speex
Status: RESOLVED WONTFIX
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
Whiteboard: B2? [stable]
Depends on: 217715
Reported: 2008-04-12 10:13 UTC by Alexis Ballier
Modified: 2008-04-21 08:13 UTC
Description Alexis Ballier gentoo-dev 2008-04-12 10:13:40 UTC
New in this release
-------------------

This is a bug fix release, containing the following changes:
		
	* Fixed bounds checking of mode in speex header. relates to:
	  http://www.ocert.org/advisories/ocert-2008-2.html
	* Fixed bug preventing device dialog being reopened when
	  closed via the window manager.


This is related to bug #216499

I have no idea if this is exploitable or anything, but the code change is exactly the same as in libfishsound.
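
An added illustration, not part of the original report and not code from sweep, libfishsound or speex, of what bounds checking the mode field of a Speex header involves: the mode is a signed 32-bit value read from the file and then used to select a decoder mode, so both ends of the range need a check. The mode table, the 80-byte header length, the field offset of 40 and the helper names are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for a decoder's mode table; the names and the
   count of 3 are assumptions for this example, not sweep's code. */
#define NB_MODES 3
static const char *const mode_names[NB_MODES] = {
    "narrowband", "wideband", "ultra-wideband"
};

#define HDR_LEN     80  /* assumed size of the packed header */
#define MODE_OFFSET 40  /* assumed offset of the 32-bit mode field */

/* Read a little-endian signed 32-bit value without alignment assumptions. */
static int32_t read_le32(const unsigned char *p)
{
    uint32_t v = (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
                 ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
    return (int32_t)v;
}

/* Return the mode name for a header packet, or NULL if the packet is
   short, lacks the magic, or carries a mode outside [0, NB_MODES).
   The field is signed, so the negative side must be rejected too. */
const char *mode_from_header(const unsigned char *pkt, size_t len)
{
    if (pkt == NULL || len < HDR_LEN)
        return NULL;
    if (memcmp(pkt, "Speex   ", 8) != 0)
        return NULL;
    int32_t mode = read_le32(pkt + MODE_OFFSET);
    if (mode < 0 || mode >= NB_MODES)
        return NULL;            /* never index the table with this value */
    return mode_names[mode];
}

/* Build a constructed 80-byte header carrying the given mode value. */
void make_header(unsigned char *out, int32_t mode)
{
    uint32_t m = (uint32_t)mode;
    memset(out, 0, HDR_LEN);
    memcpy(out, "Speex   ", 8);
    for (int i = 0; i < 4; i++)
        out[MODE_OFFSET + i] = (unsigned char)(m >> (8 * i));
}
```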
Comment 1 Matthias Geerdsen (RETIRED) gentoo-dev 2008-04-12 14:41:05 UTC
thanks for the bug/ebuild

arches, please test and mark stable
Comment 2 Matthias Geerdsen (RETIRED) gentoo-dev 2008-04-12 15:31:02 UTC
second try... this time even using the "Add Archs" button

so please test media-sound/sweep-0.9.3 and mark stable if possible
Comment 3 Tobias Scherbaum (RETIRED) gentoo-dev 2008-04-12 18:19:48 UTC
ppc stable
Comment 4 Markus Rothe (RETIRED) gentoo-dev 2008-04-13 12:51:32 UTC
ppc64 stable
Comment 5 Raúl Porcel (RETIRED) gentoo-dev 2008-04-13 16:28:53 UTC
sparc/x86 stable
Comment 6 Jesse Adelman 2008-04-13 20:51:45 UTC
Hrm... Is my error below related to this bug? I've been getting this for a few days, and I've cleared /usr/portage and http-replicator's cache, with the same result. Thanks.

---
>>> Emerging (1 of 3) media-sound/sweep-0.9.3 to /
>>> Downloading 'http://gentoo.arcticnetwork.ca/source/distfiles/sweep-0.9.3.tar.gz'
--13:49:20--  http://gentoo.arcticnetwork.ca/source/distfiles/sweep-0.9.3.tar.gz
           => `/usr/portage/distfiles/sweep-0.9.3.tar.gz'
Connecting to 192.168.1.55:8081... connected.
Proxy request sent, awaiting response... 200 OK
Length: 1,248,948 (1.2M) [application/x-gzip]

100%[====================================>] 1,248,948    544.90K/s             

13:49:23 (543.37 KB/s) - `/usr/portage/distfiles/sweep-0.9.3.tar.gz' saved [1248948/1248948]

 * checking ebuild checksums ;-) ...                                      [ ok ]
 * checking auxfile checksums ;-) ...                                     [ ok ]
 * checking miscfile checksums ;-) ...                                    [ ok ]
 * checking sweep-0.9.3.tar.gz ;-) ...                                    [ !! ]

!!! Digest verification failed:
!!! /usr/portage/distfiles/sweep-0.9.3.tar.gz
!!! Reason: Filesize does not match recorded size
!!! Got: 1248948
!!! Expected: 19869
fuji ~ # 
Comment 7 Robert Buchholz (RETIRED) gentoo-dev 2008-04-13 22:35:20 UTC
(In reply to comment #6)
> Hrm... Is my error below related to this bug? I've been getting this for a few
> days, and I've cleared /usr/portage and http-replicator's cache, with the same
> result. Thanks.

Yes, it is related. It seems the DIST entry got corrupted in one commit. I resurrected it from before; please emerge --sync and retry.
Comment 8 Markus Meier gentoo-dev 2008-04-14 20:17:16 UTC
amd64 stable, last arch.
Comment 9 Robert Buchholz (RETIRED) gentoo-dev 2008-04-14 20:43:54 UTC
reassigning to correct category
Comment 10 Robert Buchholz (RETIRED) gentoo-dev 2008-04-17 12:16:18 UTC
speex has been sent as GLSA 200804-17, this also fixes this bug.
Comment 11 Peter Volkov (RETIRED) gentoo-dev 2008-04-21 08:13:11 UTC
Fixed in release snapshot.