FS#74960 - [libmad] [security] CVE-2017-8372, 8373, 8374
Attached to Project:
Arch Linux
Opened by T.J. Townsend (blakkheim) - Saturday, 04 June 2022, 22:16 GMT
Last edited by Christian Hesse (eworm) - Friday, 17 February 2023, 21:09 GMT
Details
Description:
The libmad package is currently vulnerable to CVE-2017-8372, CVE-2017-8373, and CVE-2017-8374.
Additional info:
Upstream is long dead. Some fixes can be added from https://sources.debian.org/src/libmad/0.15.1b-10/debian/patches/
Closed by Christian Hesse (eworm)
Friday, 17 February 2023, 21:09 GMT
Reason for closing: Fixed
Additional comments about closing: libmad 0.15.1b-10
libmad-md_size.diff (CVE-2017-8372, CVE-2017-8373) and libmad-length-check.patch (CVE-2017-8374) from Debian replace frame_length.diff
libmad-0.15.1b-gcc43.patch is from SUSE and stops configure filtering CFLAGS; it replaces optimize.diff
libmad.patch renamed to libmad-pkgconfig.patch
amd64-64bit.diff renamed to libmad-amd64-64bit.diff
Removed CFLAGS="$CFLAGS -ftree-vectorize -ftree-vectorizer-verbose=1" which had no effect due to configure filtering CFLAGS.