Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 298039 - <media-libs/libtheora-1.1.1: Integer overflow (CVE-2009-3389)
Summary: <media-libs/libtheora-1.1.1: Integer overflow (CVE-2009-3389)
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High major (vote)
Assignee: Gentoo Security
Whiteboard: A2 [glsa]
Depends on:
Blocks: 250723
  Show dependency tree
Reported: 2009-12-22 23:33 UTC by Hanno Böck
Modified: 2013-12-03 04:50 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Hanno Böck gentoo-dev 2009-12-22 23:33:17 UTC
integer overflow in libtheora before 1.1. This also affects mozilla-firefox (already handled in #297532) and seamonkey 2.0 (not in portage).

So probably left to do is stabilizing libtheora 1.1.1.
Comment 1 Nick White 2010-02-19 17:17:25 UTC
(In reply to comment #0)
> So probably left to do is stabilizing libtheora 1.1.1.

This is quite old now, is there any reason it hasn't been done yet?

FWIW, I've been using libtheora 1.1.1 for a couple of months now with no problems at all.
Comment 2 Tobias Heinlein (RETIRED) gentoo-dev 2010-02-19 17:59:11 UTC
Sorry about the delay.

media-video, can you please ACK this request?
Comment 3 Steve Dibb (RETIRED) gentoo-dev 2010-02-20 00:33:18 UTC
(In reply to comment #2)
> Sorry about the delay.
> media-video, can you please ACK this request?

There *were* once upon a time some dep issues with ffmpeg/libavcodec, but those have since been resolved.  I believe everything else should be okay now.
Comment 4 Tobias Heinlein (RETIRED) gentoo-dev 2010-02-20 11:48:34 UTC
Good, thanks for the fast response. If there are still any issues, I hope the arch teams will find them:

Arches, please test and mark stable:
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sh sparc x86"
Comment 5 Jeroen Roovers (RETIRED) gentoo-dev 2010-02-20 17:48:24 UTC
Stable for HPPA.
Comment 6 Jeroen Roovers (RETIRED) gentoo-dev 2010-02-20 18:14:04 UTC
Stable for PPC.
Comment 7 Christian Faulhammer (RETIRED) gentoo-dev 2010-02-21 22:13:36 UTC
x86 stable, no issues found
Comment 8 Brent Baude (RETIRED) gentoo-dev 2010-02-23 15:33:14 UTC
ppc64 done
Comment 9 Markos Chandras (RETIRED) gentoo-dev 2010-02-23 18:49:29 UTC
Stable on amd64
Comment 10 Raúl Porcel (RETIRED) gentoo-dev 2010-02-25 18:39:49 UTC
alpha/arm/ia64/sh/sparc stable
Comment 11 Tim Sammut (RETIRED) gentoo-dev 2011-01-02 04:26:32 UTC
GLSA request filed.
Comment 12 GLSAMaker/CVETool Bot gentoo-dev 2013-12-03 04:50:05 UTC
This issue was resolved and addressed in
 GLSA 201312-04 at
by GLSA coordinator Chris Reffett (creffett).