FS#12692 : libvorbis security issues

FS#12692 - libvorbis security issues

Attached to Project: Arch Linux
Opened by kujub (kujub) - Tuesday, 06 January 2009, 19:10 GMT
Last edited by Tobias Powalowski (tpowa) - Sunday, 08 February 2009, 09:50 GMT

Task Type	Bug Report
Category	Security
Status	Closed
Assigned To	Tobias Powalowski (tpowa)
Architecture	All
Severity	High
Priority	Normal
Reported Version	None
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	0
Private	No

Details

Description:

Three security issues have been discovered in libvorbis 1.2.0:
[ 1 ] CVE-2008-1419 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1419
[ 2 ] CVE-2008-1420 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1420
[ 3 ] CVE-2008-1423 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1423

Possible solutions:
Please update to 1.2.1rc1 from http://people.xiph.org/~giles/2008/$pkgname-$pkgver.tar.gz
(as Gentoo did)
or apply appropriate patches.

Additional info:
* package version(s)
1.2.0-1

* Additional References:
Gentoo Linux Security Advisory GLSA 200806-09:02
http://security.gentoo.org/glsa/glsa-200806-09.xml

This task depends upon

Closed by Tobias Powalowski (tpowa)
Sunday, 08 February 2009, 09:50 GMT
Reason for closing: Fixed

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#12692 - libvorbis security issues

Details

Loading...