FS#46269 : [vorbis-tools][CVE-2015-6749] oggenc aiff

FS#46269 - [vorbis-tools][CVE-2015-6749] oggenc aiff_open buffer overflow

Attached to Project: Arch Linux
Opened by Christian Rebischke (Shibumi) - Friday, 11 September 2015, 20:51 GMT
Last edited by Eric Belanger (Snowman) - Monday, 26 October 2015, 23:53 GMT

Task Type	Bug Report
Category	Security
Status	Closed
Assigned To	Eric Belanger (Snowman)
Architecture	All
Severity	Medium
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	0
Private	No

Details

Hello,
vorbis-tools in version <= 1.4.0-5 is vulnerable to a buffer overflow.

greetings

Christian Rebischke (Archlinux CVE-Monitoring Team)

References
==========
https://trac.xiph.org/ticket/2212
http://seclists.org/oss-sec/2015/q3/457

This task depends upon

Closed by Eric Belanger (Snowman)
Monday, 26 October 2015, 23:53 GMT
Reason for closing: Fixed
Additional comments about closing: vorbis-tools-1.4.0-6

Comment by Remi Gacogne (rgacogne) - Thursday, 15 October 2015, 09:41 GMT

Hi,

A trivial fix has been added to the upstream bug tracker[1], would you consider backporting it until a new release is available?

Thanks!

[1]: https://trac.xiph.org/ticket/2212

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#46269 - [vorbis-tools][CVE-2015-6749] oggenc aiff_open buffer overflow

Details

Loading...