CVE-2017-9258 (https://nvd.nist.gov/vuln/detail/CVE-2017-9258): The TDStretch::processSamples function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted wav file. References: http://seclists.org/fulldisclosure/2017/Jul/62
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=be07790f921931e836b513eed0f298aa3be0934f commit be07790f921931e836b513eed0f298aa3be0934f Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2018-08-22 16:54:40 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2018-08-22 17:05:26 +0000 media-libs/libsoundtouch: Fix CVE-2017-9258, CVE-2017-9259, CVE-2017-9260 Bug: https://bugs.gentoo.org/626508 Package-Manager: Portage-2.3.48, Repoman-2.3.10 .../files/libsoundtouch-2.0.0-CVE-2017-92xx.patch | 36 ++++++++++++++ .../libsoundtouch/libsoundtouch-2.0.0-r1.ebuild | 56 ++++++++++++++++++++++ 2 files changed, 92 insertions(+)
x86 stable
amd64 stable
hppa stable
ppc stable
ppc64 stable
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0ae92277d1773417f01843f6503f2c18eab2751b commit 0ae92277d1773417f01843f6503f2c18eab2751b Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2018-09-05 19:33:43 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2018-09-05 21:17:46 +0000 media-libs/libsoundtouch: Drop vulnerable Bug: https://bugs.gentoo.org/626508 Package-Manager: Portage-2.3.49, Repoman-2.3.10 media-libs/libsoundtouch/Manifest | 2 - .../files/libsoundtouch-1.7.0-flags.patch | 22 ---------- .../libsoundtouch/libsoundtouch-1.8.0-r1.ebuild | 48 --------------------- .../libsoundtouch/libsoundtouch-1.9.2.ebuild | 50 ---------------------- 4 files changed, 122 deletions(-)
sound is done here, anyway...