[Secure-testing-commits] r54117 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Mon Jul 31 04:58:44 UTC 2017
Author: carnil
Date: 2017-07-31 04:58:44 +0000 (Mon, 31 Jul 2017)
New Revision: 54117
Modified:
data/CVE/list
Log:
Track fixed version for CVE-2017-9412
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-07-31 04:49:16 UTC (rev 54116)
+++ data/CVE/list 2017-07-31 04:58:44 UTC (rev 54117)
@@ -6325,7 +6325,9 @@
CVE-2012-6705 (Cross Site Scripting (XSS) exists in Jamroom before 4.2.7 via the ...)
NOT-FOR-US: Jamroom
CVE-2017-9412 (The unpack_read_samples function in frontend/get_audio.c in LAME 3.99.5 ...)
- - lame <unfixed>
+ - lame 3.99.5+repack1-7
+ NOTE: Fixed by the improved 0001-Add-check-for-invalid-input-sample-rate.patch in
+ NOTE: 3.99.5+repack1-7, https://anonscm.debian.org/cgit/pkg-multimedia/lame.git/commit/debian/patches?id=1c7c62d3c5614443524b5ad170ba2713a14d4e09
NOTE: http://seclists.org/fulldisclosure/2017/Jul/63
NOTE: https://sourceforge.net/p/lame/bugs/463/
NOTE: Invalid read in command line tool so no CVE is needed. MITRE contacted by ago at gentoo
More information about the Secure-testing-commits
mailing list