$url
Thanks, Alexis. Are we ready to stabilize =media-libs/libsndfile-1.0.25?
Sound herd approves; please CC arches and proceed with stabilisation.
Thanks Tony. Arches, please test and mark stable: =media-libs/libsndfile-1.0.25 target KEYWORDS : "alpha amd64 arm hppa ia64 ppc ppc64 sh sparc x86"
amd64 ok
+ 07 Sep 2011; Tony Vroon <chainsaw@gentoo.org> libsndfile-1.0.25.ebuild: + Marked stable on AMD64 based on arch testing by Agostino "ago" Sarubbo in + security bug #375125 filed by Alexis Ballier.
Archtested on x86: Everything fine
Stable for HPPA.
(In reply to comment #6) > Archtested on x86: Everything fine +1
arm/x86 stable, thanks JD and Myckel
alpha/ia64/sh/sparc stable
ppc/ppc64 stable, last arch done
Thanks, everyone. GLSA request filed.
CVE-2011-2696 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2696): Integer overflow in libsndfile before 1.0.25 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PARIS Audio Format (PAF) file that triggers a heap-based buffer overflow.
This issue was resolved and addressed in GLSA 201312-14 at http://security.gentoo.org/glsa/glsa-201312-14.xml by GLSA coordinator Sergey Popov (pinkbyte).