Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#7691 - Warning on libvorbis
Attached to Project:
Arch Linux
Opened by DaNiMoTh (DaNiMoTh) - Friday, 27 July 2007, 19:14 GMT
Last edited by Andreas Radke (AndyRTR) - Friday, 27 July 2007, 21:42 GMT
Opened by DaNiMoTh (DaNiMoTh) - Friday, 27 July 2007, 19:14 GMT
Last edited by Andreas Radke (AndyRTR) - Friday, 27 July 2007, 21:42 GMT
|
Details------------------------------------------------------------ Arch Linux Security Warning ALSW 2007-#34 ------------------------------------------------------------ Name: libvorbis Date: 2007-07-27 Severity: Medium Warning #: 2007-#34 ------------------------------------------------------------ Product Background =================== Vorbis codec library Problem Background =================== Previous versions of the libvorbis package contain multiple vulnerabilities, including a heap overwrite, read violations, and a function pointer overwrite. Impact ================== An attacker may exploit these vulnerabilities to cause a denial of service and,possibly, to execute arbitrary code. Problem Packages =================== Package: libvorbis Repo: current Group: lib Unsafe: < 1.2.0 Safe: >= 1.2.0 Package Fix =================== Upgrade to 1.2.0 =================== Unofficial ArchLinux Security Bug Tracker: http://jjdanimoth.netsons.org/alsw.html Reference(s) =================== http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3106 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4029 |
This task depends upon
Closed by Andreas Radke (AndyRTR)
Friday, 27 July 2007, 21:42 GMT
Reason for closing: Fixed
Additional comments about closing: pkg updated
Friday, 27 July 2007, 21:42 GMT
Reason for closing: Fixed
Additional comments about closing: pkg updated