Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 375125 (CVE-2011-2696) - <media-libs/libsndfile-1.0.25: PAF File Processing Integer Overflow (CVE-2011-2696)
Summary: <media-libs/libsndfile-1.0.25: PAF File Processing Integer Overflow (CVE-2011...
Status: RESOLVED FIXED
Alias: CVE-2011-2696
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: http://www.securelist.com/en/advisori...
Whiteboard: B2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2011-07-13 20:05 UTC by Alexis Ballier
Modified: 2013-12-17 11:52 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alexis Ballier gentoo-dev 2011-07-13 20:05:16 UTC
$url
Comment 1 Tim Sammut (RETIRED) gentoo-dev 2011-08-18 23:38:26 UTC
Thanks, Alexis. Are we ready to stabilize =media-libs/libsndfile-1.0.25?
Comment 2 Tony Vroon gentoo-dev 2011-09-07 08:54:49 UTC
Sound herd approves; please CC arches and proceed with stabilisation.
Comment 3 Agostino Sarubbo gentoo-dev 2011-09-07 09:00:19 UTC
Thanks Tony.

Arches, please test and mark stable:

=media-libs/libsndfile-1.0.25
target KEYWORDS : "alpha amd64 arm hppa	ia64 ppc ppc64 sh sparc	x86"
Comment 4 Agostino Sarubbo gentoo-dev 2011-09-07 09:02:38 UTC
amd64 ok
Comment 5 Tony Vroon gentoo-dev 2011-09-07 09:04:23 UTC
+  07 Sep 2011; Tony Vroon <chainsaw@gentoo.org> libsndfile-1.0.25.ebuild:
+  Marked stable on AMD64 based on arch testing by Agostino "ago" Sarubbo in
+  security bug #375125 filed by Alexis Ballier.
Comment 6 Jeff (JD) Horelick (RETIRED) gentoo-dev 2011-09-07 21:27:50 UTC
Archtested on x86: Everything fine
Comment 7 Jeroen Roovers gentoo-dev 2011-09-09 14:55:57 UTC
Stable for HPPA.
Comment 8 Myckel Habets archtester 2011-09-10 10:33:44 UTC
(In reply to comment #6)
> Archtested on x86: Everything fine

+1
Comment 9 Markus Meier gentoo-dev 2011-09-11 09:23:27 UTC
arm/x86 stable, thanks JD and Myckel
Comment 10 Raúl Porcel (RETIRED) gentoo-dev 2011-09-11 17:26:37 UTC
alpha/ia64/sh/sparc stable
Comment 11 Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev 2011-09-12 14:45:14 UTC
ppc/ppc64 stable, last arch done
Comment 12 Tim Sammut (RETIRED) gentoo-dev 2011-09-12 15:11:23 UTC
Thanks, everyone. GLSA request filed.
Comment 13 GLSAMaker/CVETool Bot gentoo-dev 2011-10-07 22:40:39 UTC
CVE-2011-2696 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2696):
  Integer overflow in libsndfile before 1.0.25 allows remote attackers to
  cause a denial of service (application crash) or possibly execute arbitrary
  code via a crafted PARIS Audio Format (PAF) file that triggers a heap-based
  buffer overflow.
Comment 14 GLSAMaker/CVETool Bot gentoo-dev 2013-12-17 11:52:46 UTC
This issue was resolved and addressed in
 GLSA 201312-14 at http://security.gentoo.org/glsa/glsa-201312-14.xml
by GLSA coordinator Sergey Popov (pinkbyte).