I'm unsure about the versions, got this one from Thomas Biege @ oss-sec: --- src/cddb.c +++ src/cddb.c @@ -1679,7 +1679,7 @@ cddb_read_disc_data(int cd_desc, struct disc_data *outdata) free(file); while(!feof(cddb_data)) { - fgets(inbuffer, 512, cddb_data); + fgets(inbuffer, 256, cddb_data); cddb_process_line(inbuffer, data); } I checked that: we've got a vulnerable version in our tree.
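Review bot: The new bound in fgets(inbuffer, 256, cddb_data) is a bare literal, and the declaration of inbuffer is not part of this hunk, so nothing visible here confirms that 256 matches the buffer's real size. If inbuffer is an array local to cddb_read_disc_data, passing sizeof(inbuffer) would keep the read limit tied to the declaration and stop the two from drifting apart again. Separately, the loop still ignores the return value of fgets under while(!feof(cddb_data)), so when the final read fails, cddb_process_line runs once more on whatever the buffer still holds. Using the fgets result as the loop condition would avoid that.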
In CVS as libcdaudio-0.99.12-r1
Arches, please test and mark stable
=media-libs/libcdaudio-0.99.12-r1
Target keywords: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
I'm re-rating this as B2 as it most likely requires user interaction (i.e. the user has to open a malicious URL or file)
ppc64 done
Stable for HPPA.
amd64/x86 stable
btw please note: dodoc: ChangLog does not exist >>> Completed installing libcdaudio-0.99.12-r1 into /var/tmp/portage/media-libs/libcdaudio-0.99.12-r1/image/
alpha/arm/ia64/sparc stable
ppc stable
CVE-2008-5030 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5030): Heap-based buffer overflow in the cddb_read_disc_data function in cddb.c in libcdaudio 0.99.12p2 allows remote CDDB servers to execute arbitrary code via long CDDB data.
GLSA 200903-31