Package: gst-plugins-bad0.10
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for gst-plugins-bad0.10.

CVE-2009-1438[0]:
| Integer overflow in the CSoundFile::ReadMed function
| (src/load_med.cpp) in libmodplug before 0.8.6, as used in
| gstreamer-plugins and other products, allows context-dependent
| attackers to execute arbitrary code via a MED file with a crafted (1)
| song comment or (2) song name, which triggers a heap-based buffer
| overflow.

Since you embed this package in your sources...
The upstream patch is available on:
http://modplug-xmms.cvs.sourceforge.net/viewvc/modplug-xmms/libmodplug/src/load_med.cpp?r1=1.1&r2=1.2&view=patch

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1438
    http://security-tracker.debian.net/tracker/CVE-2009-1438

-- 
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
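The CVE text above names the bug class (an integer overflow while reading a length-prefixed field, leading to a heap overflow) but the report carries no code. The following is an added, constructed illustration of that class in C, not libmodplug's load_med.cpp or the upstream patch: a bounds check written as `pos + len <= total` wraps in 32-bit arithmetic when a file supplies a huge length, while the subtraction form `len <= total - pos` cannot wrap. The byte layout (a 32-bit big-endian length followed by the string) and all function names are assumptions for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Unsafe check: (uint32_t)(pos + len) wraps to a small value when len is
 * close to UINT32_MAX, so an attacker-controlled length "fits" and a later
 * copy of len bytes overruns the heap buffer. Shown only for contrast. */
int unchecked_fits(uint32_t pos, uint32_t len, uint32_t total) {
    return (uint32_t)(pos + len) <= total;
}

/* Hardened check: pos is validated first, then len is compared against the
 * remaining space. Neither operation can wrap. */
int checked_fits(uint32_t pos, uint32_t len, uint32_t total) {
    return pos <= total && len <= total - pos;
}

/* Read a length-prefixed string (assumed layout: 4-byte big-endian length,
 * then the bytes) at offset pos into dst, NUL-terminated.
 * Returns the string length, or -1 if the field is truncated, its length is
 * bogus, or it would not fit in dst. */
int read_prefixed_string(const uint8_t *buf, uint32_t total, uint32_t pos,
                         char *dst, size_t dst_cap) {
    if (!checked_fits(pos, 4, total)) return -1;          /* no room for length */
    uint32_t len = (uint32_t)buf[pos] << 24 | (uint32_t)buf[pos + 1] << 16 |
                   (uint32_t)buf[pos + 2] << 8 | (uint32_t)buf[pos + 3];
    pos += 4;
    if (!checked_fits(pos, len, total)) return -1;        /* truncated/huge len */
    if (len >= (uint32_t)dst_cap) return -1;              /* would overflow dst */
    memcpy(dst, buf + pos, len);
    dst[len] = '\0';
    return (int)len;
}

/* Constructed sample inputs (not taken from any real MED file). */
static const uint8_t SAMPLE_OK[]    = {0, 0, 0, 5, 'h', 'e', 'l', 'l', 'o'};
static const uint8_t SAMPLE_TRUNC[] = {0, 0, 0, 9, 'a', 'b'};
static const uint8_t SAMPLE_WRAP[]  = {0xFF, 0xFF, 0xFF, 0xFC, 'x', 'x', 'x', 'x'};

/* Parse a sample into a fixed local buffer; returns length or -1 on rejection. */
int parse_sample(const uint8_t *buf, uint32_t total) {
    char name[32];
    return read_prefixed_string(buf, total, 0, name, sizeof name);
}
```

With SAMPLE_WRAP the declared length is 0xFFFFFFFC, so `unchecked_fits(4, 0xFFFFFFFC, 8)` wrongly reports that the field fits while `checked_fits` rejects it.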

_______________________________________________
Pkg-gstreamer-maintainers mailing list
Pkg-gstreamer-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/pkg-gstreamer-maintainers