CVE patches for libmad

marit wrote on 3 Aug 2019 14:56

Recipients:(address . bug-guix@gnu.org)

Message-ID:22bbbfa18093ff3ba1351145a9fe8733.squirrel@giyzk7o6dcunb2ry.onion

Package: libmadVersion: 0.15.1bTags: securitySeverity: important
Hello!
I think that package "libmad" should be updated to include fixes for thefollowing vulnerabilities: CVE-2017-8372, CVE-2017-8373, CVE-2017-8374.This can be done by applying md_size.diff and replacinglibmad-frame-length.patch with length-check.diff (*.diff are from DebianGNU/Linux).
Best regards!

marit wrote on 3 Aug 2019 19:46

Merge #36910 and #36909

Recipients:(address . control@debbugs.gnu.org)

Message-ID:ec6df7c6bd6fbdb86970aeb587ec4b33.squirrel@giyzk7o6dcunb2ry.onion

merge 36909 36910# #36910 is a duplicate of #36909, submitted by mistake.

Glenn Morris wrote on 3 Aug 2019 19:47

control message for bug 36910

Recipients:(address . control@debbugs.gnu.org)

Message-ID:E1hty89-0003mS-E1@fencepost.gnu.org

merge 36909 36910

Glenn Morris wrote on 3 Aug 2019 19:48

control message for bug 36909

Recipients:(address . control@debbugs.gnu.org)

Message-ID:E1hty8P-0003mz-1E@fencepost.gnu.org

reassign 36909 guix

Your comment

This issue is archived.

To comment on this conversation send email to 36910@debbugs.gnu.org

is:open	open issues
is:done	closed issues
submitter:<who>	search issue submitter
author:<who>	search by message author
date:yesterday..now	search by issue date
mdate:3m..2d	search by message date