Arch Linux

Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#7691 - Warning on libvorbis

Attached to Project: Arch Linux
Opened by DaNiMoTh (DaNiMoTh) - Friday, 27 July 2007, 19:14 GMT
Last edited by Andreas Radke (AndyRTR) - Friday, 27 July 2007, 21:42 GMT
Task Type Bug Report
Category Security
Status Closed
Assigned To No-one
Architecture All
Severity Medium
Priority Normal
Reported Version 2007.05 Duke
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details


------------------------------------------------------------
Arch Linux Security Warning ALSW 2007-#34
------------------------------------------------------------

Name: libvorbis
Date: 2007-07-27
Severity: Medium
Warning #: 2007-#34

------------------------------------------------------------

Product Background
===================
Vorbis codec library

Problem Background
===================
Previous versions of the libvorbis package contain multiple vulnerabilities, including a heap overwrite, read violations, and a function pointer overwrite.

Impact
==================
An attacker may exploit these vulnerabilities to cause a denial of service and,possibly, to execute arbitrary code.

Problem Packages
===================
Package: libvorbis
Repo: current
Group: lib
Unsafe: < 1.2.0
Safe: >= 1.2.0

Package Fix
===================
Upgrade to 1.2.0

===================

Unofficial ArchLinux Security Bug Tracker:
http://jjdanimoth.netsons.org/alsw.html

Reference(s)
===================
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3106
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4029
This task depends upon

Closed by  Andreas Radke (AndyRTR)
Friday, 27 July 2007, 21:42 GMT
Reason for closing:  Fixed
Additional comments about closing:  pkg updated

Loading...