Details at $URL. @maintainer(s): since the fixed package is already in the tree, please let us know if it is ready for stabilization or not.
CVE ID: CVE-2017-7742 Summary: In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with read memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585. Published: 2017-04-12T18:59:00.000Z
amd64 stable
Stable for HPPA.
x86 stable
sparc stable
Stable on alpha.
ppc ppc64 stable.
ia64 stable
Remaining arches are not part of security supported architectures, proceeding with security. Arches please stabilize as soon as possible to secure package. New GLSA Request filed.
Adding additional vulnerabilities to this bug which were also addressed in =media-libs/libsndfile-1.0.28.
CVE-2017-7586 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7586): In libsndfile before 1.0.28, an error in the "header_read()" function (common.c) when handling ID3 tags can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file.
CVE-2017-7585 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7585): In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file.
CVE-2017-7741 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7741): In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with write memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585.
@maekke: TESTFAILURE fixed, could you please try again and stabilise arm?
This issue was resolved and addressed in GLSA 201707-04 at https://security.gentoo.org/glsa/201707-04 by GLSA coordinator Thomas Deutschmann (whissi).
Re-opening for arm...
arm stable
All done, thank you all.