[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2016-2541, audacity: Wheezy is not affected
Markus Koschany
apo at debian.org
Sat Feb 10 21:52:01 UTC 2018
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1091e88e by Markus Koschany at 2018-02-10T22:40:04+01:00
CVE-2016-2541,audacity: Wheezy is not affected
This version builds against the system library of libmad. The embedded code
copy was apparently removed. Not sure if Debian's system library is vulnerable
or if this issue is already reported as one of the open CVEs against libmad.
- - - - -
6dda1438 by Markus Koschany at 2018-02-10T22:51:17+01:00
Is CVE-2017-8373 and CVE-2017-8372 related to CVE-2016-2541?
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -44304,6 +44304,7 @@ CVE-2017-8373 (The mad_layer_III function in layer3.c in Underbit MAD libmad 0.1
NOTE: https://blogs.gentoo.org/ago/2017/04/30/libmad-heap-based-buffer-overflow-in-mad_layer_iii-layer3-c/
NOTE: The patch from #508133 applied in 0.15.1b-4 only partially fixed it
NOTE: "Duplicate with"/basically same as CVE-2017-8372
+ NOTE: Is this related to CVE-2016-2541?
CVE-2017-8372 (The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b, ...)
- libmad 0.15.1b-9 (bug #287519)
NOTE: https://blogs.gentoo.org/ago/2017/04/30/libmad-assertion-failure-in-layer3-c/
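Review bot: the added NOTE under CVE-2017-8373 records an open question without the context needed to resolve it, and it appears under only one of the two entries named in the commit subject. Either add the same line under CVE-2017-8372 or rely explicitly on the existing "Duplicate with" note to cover it. It would also help to state why the link is suspected, which the previous commit message gives as audacity's embedded libmad copy, for example "NOTE: Possibly related to CVE-2016-2541 (audacity, embedded libmad copy); unconfirmed".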
@@ -91329,6 +91330,7 @@ CVE-2016-3171 (Drupal 6.x before 6.38, when used with PHP before 5.4.45, 5.5.x b
NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19
CVE-2016-2541 (Audacity before 2.1.2 allows remote attackers to cause a denial of ...)
- audacity 2.1.2-1
+ [wheezy] - audacity <not-affected> (vulnerable code not present)
NOTE: http://wiki.audacityteam.org/wiki/Release_Notes_2.1.2
NOTE: https://github.com/audacity/audacity/commit/85026f98958a8dcc09188be24a8db0385988e23f
CVE-2016-2540 (Audacity before 2.1.2 allows remote attackers to cause a denial of ...)
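Review bot: the reason on the added [wheezy] line, "(vulnerable code not present)", is stated more firmly than the commit message supports. The message says the embedded libmad copy was "apparently removed" and that it is not known whether Debian's system library is vulnerable. Consider a reason that records what was actually checked, such as "(builds against system libmad, no embedded copy)", and add a NOTE under CVE-2016-2541 pointing at the libmad entries so the open question is visible from this entry too.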
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/45070c03a838aa510e0aee109341015dd5b9a239...6dda1438a4e2a8bbea92cdea54f41e8b33064c79