Bug#437916: CVE-2007-4029 unfixed for stable
Nico Golde
nion at debian.org
Tue Aug 14 19:44:22 UTC 2007
Package: libvorbis
Version: 1.1.2.dfsg-1.2
Severity: serious
Tags: security
Hi,
These issues are reported to be fixed in >= 1.2.0 but I
can't find any references in the stable changelog that those
were fixed.
CVE-2007-4029:
libvorbis 1.1.2, and possibly other versions before 1.2.0, allows
context-dependent attackers to cause a denial of service via (1) an invalid
mapping type, which triggers an out-of-bounds read in the vorbis_info_clear
function in info.c, and (2) invalid blocksize values that trigger a
segmentation fault in the read function in block.c.
Please include the CVE id in the changelog.
Kind regards
Nico
--
Nico Golde - http://ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.