[Git][security-tracker-team/security-tracker][master] note mp3gain fixes

Stefan Fritsch sf at debian.org
Tue Dec 29 14:29:49 GMT 2020 


Stefan Fritsch pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9d686889 by Stefan Fritsch at 2020-12-29T15:29:29+01:00
note mp3gain fixes

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -83683,7 +83683,7 @@ CVE-2019-18361 (JetBrains IntelliJ IDEA before 2019.2 allows local user privileg
 CVE-2019-18360 (In JetBrains Hub versions earlier than 2019.1.11738, username enumerat ...)
 	NOT-FOR-US: JetBrains
 CVE-2019-18359 (A buffer over-read was discovered in ReadMP3APETag in apetag.c in MP3G ...)
-	- mp3gain <unfixed> (bug #973932)
+	- mp3gain 1.6.2-2 (bug #973932)
 	NOTE: SuSE fix: https://build.opensuse.org/package/view_file/openSUSE:Maintenance:12304/mp3gain.openSUSE_Leap_15.1_Update/0001-fix-security-bugs.patch?rev=0db47562b2545871d0be3fc88083e0cd
 	NOTE: Caught by ASAN according to CVE. mp3gain is compiled with ASAN on: amd64 i386 armel armhf powerpc
 CVE-2019-18358
@@ -162423,7 +162423,7 @@ CVE-2018-10778 (Read access violation in the III_dequantize_sample function in m
 	- mp3gain 1.6.2-1
 	[wheezy] - mp3gain <end-of-life> (Not supported in Wheezy)
 CVE-2018-10777 (Buffer overflow in the WriteMP3GainAPETag function in apetag.c in mp3g ...)
-	- mp3gain <unfixed> (bug #973932)
+	- mp3gain 1.6.2-2 (bug #973932)
 	[wheezy] - mp3gain <end-of-life> (Not supported in Wheezy)
 	NOTE: Fixed according to https://sourceforge.net/p/mp3gain/bugs/43/ but still causes crash with ASAN
 	NOTE: According to the CVE this is caught by FORTIFY_SOURCE, so no real vulnerability.



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9d686889fb4d6b64195124225e58070bdfd5b0b6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9d686889fb4d6b64195124225e58070bdfd5b0b6
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201229/8a1e0b29/attachment.html>

More information about the debian-security-tracker-commits mailing list