CVE-2017-12562 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12562):
Heap-based Buffer Overflow in the psf_binheader_writef function in common.c in libsndfile through 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
References: https://github.com/erikd/libsndfile/issues/292
Commit: https://github.com/manxorist/libsndfile/commit/b6a9d7e95888ffa77d8c75ce3f03e6c7165587cd
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fcefddf42de6342aeff7dce16760923b10a05909
commit fcefddf42de6342aeff7dce16760923b10a05909
Author: Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2018-09-18 16:21:49 +0000
Commit: Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2018-09-18 16:21:49 +0000
    media-libs/libsndfile: Fix CVE-2017-12562
    Bug: https://bugs.gentoo.org/627152
    Package-Manager: Portage-2.3.49, Repoman-2.3.10
 .../files/libsndfile-1.0.28-CVE-2017-12562.patch | 88 ++++++++++++++++++++++
 media-libs/libsndfile/libsndfile-1.0.28-r2.ebuild | 65 ++++++++++++++++
 2 files changed, 153 insertions(+)
Oh well...
ppc/ppc64 stable
Bumping stabilisation for bug 660452 and re-adding powerpc, sorry about that.
amd64 stable
sparc done.
x86 stable
hppa stable
ia64 stable
ppc64 stable
ppc stable
arm stable
Stable on alpha.
Seems like hppa was forgotten to un-CC and we are actually done here.
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1d764439209b09293cebf18eb0f4a5a6bc7a2c0e
commit 1d764439209b09293cebf18eb0f4a5a6bc7a2c0e
Author: Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2018-10-03 18:33:57 +0000
Commit: Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2018-10-03 18:33:57 +0000
    media-libs/libsndfile: Security cleanup
    Bug: https://bugs.gentoo.org/627152
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>
    Package-Manager: Portage-2.3.50, Repoman-2.3.11
 media-libs/libsndfile/libsndfile-1.0.28-r1.ebuild | 62 ---------------------
 media-libs/libsndfile/libsndfile-1.0.28-r2.ebuild | 66 -----------------------
 2 files changed, 128 deletions(-)
This issue was resolved and addressed in GLSA 201811-23 at https://security.gentoo.org/glsa/201811-23 by GLSA coordinator Aaron Bauman (b-man).