[Secure-testing-commits] r50611 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Apr 13 06:56:23 UTC 2017
Author: carnil
Date: 2017-04-13 06:56:22 +0000 (Thu, 13 Apr 2017)
New Revision: 50611
Modified:
data/CVE/list
Log:
CVE-2017-7741/libsndfile is fixed with 1.0.27-2
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-04-13 06:43:07 UTC (rev 50610)
+++ data/CVE/list 2017-04-13 06:56:22 UTC (rev 50611)
@@ -8,10 +8,11 @@
NOTE: https://blogs.gentoo.org/ago/2017/04/11/libsndfile-invalid-memory-read-and-invalid-memory-write-in/
TODO: need to check this closer and as well the related CVE, at least the invalid READ seems unfixed
CVE-2017-7741 (In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" ...)
- - libsndfile <unfixed>
+ - libsndfile 1.0.27-2
NOTE: Fixed by: https://github.com/erikd/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0
NOTE: https://blogs.gentoo.org/ago/2017/04/11/libsndfile-invalid-memory-read-and-invalid-memory-write-in/
- TODO: need to check this closer and as well the related CVE, at least the invalid READ seems unfixed
+ NOTE: 1.0.27-2 in unstable contain fix_bufferoverflows.patch meant to address this issue
+ NOTE: https://sources.debian.net/data/main/libs/libsndfile/1.0.27-2/debian/patches/fix_bufferoverflows.patch
CVE-2017-7740
RESERVED
CVE-2017-7739
More information about the Secure-testing-commits
mailing list