CVE-2017-837{2,3,4} patches for libmad from Debian

Done
Submitted by marit.
Details
3 participants
  • marit
  • Mark H Weaver
  • Glenn Morris
Owner
unassigned
Severity
important
Merged with
marit wrote on 3 Aug 2019 14:12
(address . bug-guix@gnu.org)
30c0beda6f616bb829c4590ee4367f7c.squirrel@giyzk7o6dcunb2ry.onion
Package: libmad
Version: 0.15.1b
Tags: security
Severity: important

Hello!
I think that package "libmad" should be updated to include fixes for the
following vulnerabilities:
https://security-tracker.debian.org/tracker/CVE-2017-8372,
https://security-tracker.debian.org/tracker/CVE-2017-8373,
https://security-tracker.debian.org/tracker/CVE-2017-8374.
This can be done by applying md_size.diff from Debian and replacing
libmad-frame-length.patch with length-check.diff from Debian.
marit wrote on 3 Aug 2019 19:46
Merge #36910 and #36909
(address . control@debbugs.gnu.org)
ec6df7c6bd6fbdb86970aeb587ec4b33.squirrel@giyzk7o6dcunb2ry.onion
merge 36909 36910
# #36910 is a duplicate of #36909, submitted by mistake.
Glenn Morris wrote on 3 Aug 2019 19:47
control message for bug 36910
(address . control@debbugs.gnu.org)
E1hty89-0003mS-E1@fencepost.gnu.org
merge 36909 36910
Glenn Morris wrote on 3 Aug 2019 19:48
control message for bug 36909
(address . control@debbugs.gnu.org)
E1hty8P-0003mz-1E@fencepost.gnu.org
reassign 36909 guix
Mark H Weaver wrote on 6 Aug 2019 09:27
Re: bug#36909: CVE-2017-837{2,3,4} patches for libmad from Debian
(address . marit@secmail.pro)(address . 36909-done@debbugs.gnu.org)
87sgqen46t.fsf@netris.org
Hi,
marit@secmail.pro wrote:
> I think that package "libmad" should be updated to include fixes for the
> following vulnerabilities:
> https://security-tracker.debian.org/tracker/CVE-2017-8372,
> https://security-tracker.debian.org/tracker/CVE-2017-8373,
> https://security-tracker.debian.org/tracker/CVE-2017-8374.
> This can be done by applying md_size.diff from Debian and replacing
> libmad-frame-length.patch with length-check.diff from Debian.

I've applied the updates that you recommended in commit
aac6c53a7bc9a8d22e88a490ebc99ec79d64a05b on our 'master' branch.
Thanks very much for bringing this to our attention.
Best, Mark
Closed

This issue is archived.

To comment on this conversation send email to 36909@debbugs.gnu.org