[Git][security-tracker-team/security-tracker][master] CVE-2018-10777 in mp3gain not completely fixed, add bugs
Stefan Fritsch
sf at debian.org
Sat Nov 7 19:51:21 GMT 2020
Stefan Fritsch pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f06c5b45 by Stefan Fritsch at 2020-11-07T20:50:48+01:00
CVE-2018-10777 in mp3gain not completely fixed, add bugs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -72478,8 +72478,9 @@ CVE-2019-18361 (JetBrains IntelliJ IDEA before 2019.2 allows local user privileg
CVE-2019-18360 (In JetBrains Hub versions earlier than 2019.1.11738, username enumerat ...)
NOT-FOR-US: JetBrains
CVE-2019-18359 (A buffer over-read was discovered in ReadMP3APETag in apetag.c in MP3G ...)
- - mp3gain <unfixed>
+ - mp3gain <unfixed> (bug #973932)
NOTE: SuSE fix: https://build.opensuse.org/package/view_file/openSUSE:Maintenance:12304/mp3gain.openSUSE_Leap_15.1_Update/0001-fix-security-bugs.patch?rev=0db47562b2545871d0be3fc88083e0cd
+ NOTE: Caught by ASAN according to CVE. mp3gain is compiled with ASAN on: amd64 i386 armel armhf powerpc
CVE-2019-18358
RESERVED
CVE-2019-18357 (An XSS issue was discovered in Thycotic Secret Server before 10.7 (iss ...)
@@ -151137,9 +151138,9 @@ CVE-2018-10778 (Read access violation in the III_dequantize_sample function in m
- mp3gain 1.6.2-1
[wheezy] - mp3gain <end-of-life> (Not supported in Wheezy)
CVE-2018-10777 (Buffer overflow in the WriteMP3GainAPETag function in apetag.c in mp3g ...)
- - mp3gain 1.6.2-1
+ - mp3gain <unfixed> (bug #973932)
[wheezy] - mp3gain <end-of-life> (Not supported in Wheezy)
- NOTE: Fixed according to https://sourceforge.net/p/mp3gain/bugs/43/
+ NOTE: Fixed according to https://sourceforge.net/p/mp3gain/bugs/43/ but still causes crash with ASAN
NOTE: According to the CVE this is caught by FORTIFY_SOURCE, so no real vulnerability.
CVE-2018-10776 (The getbits function in mpglibDBL/common.c in mp3gain through 1.5.2-r2 ...)
- mp3gain 1.6.2-1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f06c5b459cdad10cf0f6403c2c175f8fb40e70ed
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f06c5b459cdad10cf0f6403c2c175f8fb40e70ed
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201107/d1ad5917/attachment.html>
More information about the debian-security-tracker-commits
mailing list