From ${URL} :
Name : vorbis-tool
Affected Version: <= Revision 19495
URL : https://wiki.xiph.org/Vorbis-tools
Description :
An issue was found in oggenc/audio.c when it tries to open an invalid AIFF file.
    274 if(fread(buffer,1,len,in) < len)
The input buffer and length can be controlled by user indirectly via:
    260 if(!find_aiff_chunk(in, "COMM", &len))
More info can be found at : https://trac.xiph.org/ticket/2212
@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
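A bounds-checked read of the COMM chunk, as an added example that is not part of the report above and is not code from vorbis-tools or its fix. The helper find_chunk is a hypothetical stand-in for find_aiff_chunk, COMM_MAX is an assumed cap, and the byte arrays are constructed inputs.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define COMM_MIN 18u /* fixed COMM fields: 2 + 4 + 2 + 10 bytes */
#define COMM_MAX 64u /* cap assumed for this example, not taken from vorbis-tools */

/* Constructed inputs: NAME chunk then a valid COMM; COMM declaring 0xffffffff
   bytes; COMM declaring 18 bytes but carrying only 2. */
const unsigned char GOOD_AIFF[] = "FORM\0\0\0\x28" "AIFFNAME\0\0\0\x01" "x\0" "COMM\0\0\0\x12"
    "\0\x02\0\0\0\x01\0\x10\x40\x0e\xac\x44\0\0\0\0\0\0";
const unsigned char OVERSIZED_AIFF[] = "FORM\0\0\0\x0c" "AIFFCOMM\xff\xff\xff\xff";
const unsigned char TRUNCATED_AIFF[] = "FORM\0\0\0\x0e" "AIFFCOMM\0\0\0\x12" "\0\x02";

/* Hypothetical stand-in for find_aiff_chunk(): scan for chunk `id` and leave
   the stream at its payload, with the file-declared length in *len. */
static int find_chunk(FILE *in, const char *id, uint32_t *len)
{
    unsigned char h[8];
    while (fread(h, 1, 8, in) == 8) {
        *len = ((uint32_t)h[4] << 24) | ((uint32_t)h[5] << 16) | ((uint32_t)h[6] << 8) | h[7];
        if (memcmp(h, id, 4) == 0) return 1;
        if (*len > 0x7ffffffeu) return 0;              /* cannot skip safely */
        if (fseek(in, (long)(*len + (*len & 1)), SEEK_CUR)) return 0; /* even padding */
    }
    return 0;
}

/* Returns the COMM length, or -1 no COMM, -2 bad length, -3 short payload. */
int read_comm(FILE *in, unsigned char *dst, size_t dst_size)
{
    uint32_t len;
    if (!find_chunk(in, "COMM", &len)) return -1;
    if (len < COMM_MIN || len > COMM_MAX || len > dst_size) return -2; /* before any read */
    if (fread(dst, 1, len, in) < len) return -3;
    return (int)len;
}

/* Run read_comm() on an in-memory file image past its 12-byte FORM header; -4 on I/O setup failure. */
int comm_from_bytes(const unsigned char *img, size_t n)
{
    unsigned char comm[COMM_MAX];
    FILE *f = tmpfile();
    int rc = -4;
    if (!f) return rc;
    if (fwrite(img, 1, n, f) == n && fseek(f, 12, SEEK_SET) == 0)
        rc = read_comm(f, comm, sizeof comm);
    fclose(f);
    return rc;
}
```

The length taken from the file is checked against both the format minimum and the destination size before fread is called, so a file-declared length never sizes the read on its own.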
ebuild submitted. needs to be tested
Stable on all arches, cleanup needed and glsa vote
ia64 stable
amd64 stable
arm stable
x86 stable
Arches - PPC / PPC64 / Alpha / hppa need to be completed.
alpha stable
sparc was dropped to exp. https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b5901d8f716555a1479f12313a2925fcadd177a9
hppa stable
ppc/ppc64 stable
New GLSA Request filed.
Maintainer(s), please drop the vulnerable version(s).
Downgraded to B3. No PoC for ACE/RCE.
GLSA Vote: No
Maintainers, please clean the vulnerable.
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d78d252fcdbf8d91583548af6a821fe561ee0947
sparc stable (thanks to Rolf Eike Beer)