CVE-2022-46449: An issue in MPD (Music Player Daemon) v0.23.10 allows attackers to cause a Denial of Service (DoS) via a crafted input. Looks like fix is: https://github.com/MusicPlayerDaemon/MPD/commit/73b5d0a9b9ace89edcee30d9d83eb16c27c6f9b2 Please stabilize 0.23.11.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8df3ad751d0ab041eedddc831d79577b4baa5bee commit 8df3ad751d0ab041eedddc831d79577b4baa5bee Author: Joonas Niilola <juippis@gentoo.org> AuthorDate: 2023-01-19 08:57:08 +0000 Commit: Joonas Niilola <juippis@gentoo.org> CommitDate: 2023-01-19 08:57:08 +0000 media-sound/mpd: drop 0.23.9-r1, 0.23.10 Bug: https://bugs.gentoo.org/890564 Signed-off-by: Joonas Niilola <juippis@gentoo.org> media-sound/mpd/Manifest | 2 - media-sound/mpd/mpd-0.23.10.ebuild | 289 ---------------------------------- media-sound/mpd/mpd-0.23.9-r1.ebuild | 290 ----------------------------------- 3 files changed, 581 deletions(-)
Oops, this is actually Windows-specific according to the upstream commit.
