Bug 20051 - heap overflow in VOC and AIFF file parsers (CVE-2009-1788, CVE-2009-1791)
Summary: heap overflow in VOC and AIFF file parsers (CVE-2009-1788, CVE-2009-1791)
Status: CLOSED FIXED
Alias: None
Product: Sisyphus
Classification: Development
Component: libsndfile (show other bugs)
Version: unstable
Hardware: all Linux
: P3 blocker
Assignee: Valery Inozemtsev
QA Contact: qa-sisyphus
URL: http://www.mega-nerd.com/erikd/Blog/C...
Keywords: security
Depends on:
Blocks:
 
Reported: 2009-05-15 10:33 MSD by Vladimir Lettiev
Modified: 2009-05-26 22:26 MSD (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Vladimir Lettiev 2009-05-15 10:33:07 MSD
Обнаружены ошибки переполнения буфера в парсере VOC-файлов (Tobias Klein, http://www.trapkit.de/ ) и парсере AIFF-файлов (Erik de Castro Lopo, http://www.mega-nerd.com/erikd/Blog/ )
Upstream выпустил исправления в новой версии 1.0.20
Comment 1 Repository Robot 2009-05-15 18:51:38 MSD
libsndfile-1.0.20-alt1 -> sisyphus:

* Fri May 15 2009 Valery Inozemtsev <shrek@altlinux> 1.0.20-alt1

- fixed potential heap overflow in VOC file parser (closes: #20051)
Comment 2 Vladimir Lettiev 2009-05-17 00:18:59 MSD
ok
Comment 3 Vladimir Lettiev 2009-05-25 20:19:40 MSD
closed