Launchpad has imported 3 comments from the remote bug at
https://bugzilla.redhat.com/show_bug.cgi?id=249780.

------------------------------------------------------------------------
On 2007-07-26T23:23:55+00:00 Josh wrote:

Multiple flaws have been found in libvorbis.  These are fixed via libvorbis
version 1.2.0.

It should be noted that libvorbis 1.2.0 also fixes the issue described in bug
245991.

The id number of each flaw is the subversion commit id.  The descriptions were
provided by Chris Montgomery.  The libvorbis subversion repository is located 
here:
http://svn.xiph.org/trunk/vorbis

13217: possible seek infinite loop in libvorbisfile
13215: multiplexed/non Vorbis stream support [heap read, potential heap write]
13211: better return value checking of seeks [heap read, potential heap write]
13179: check legal maximum blocksize [static array read]
13169,13170,13172: correctly handle codebooks with zero entries [heap
read/write]
13168: low bitrate static mode declaration error [static read, heap read,
potential heap write]
13151,13153,13154,13155,13167: residue decode vector overflow [heap read/write]
13162: static initializer declarations, check-before-free error fixes [heap
read/write]
13149: check legal minimum blocksize [static array read]

Reply at:
https://bugs.launchpad.net/ubuntu/+source/libvorbis/+bug/185031/comments/0

------------------------------------------------------------------------
On 2007-08-20T20:09:54+00:00 Josh wrote:

Here is the breakdown of CVE id to libvorbis commit id mapping:

CVE-2007-4065: 13217 (infinite loop)

CVE-2007-4029 covers 2 issues with unknown commit IDs.

  According to Monty these two issues are the commit ids:
  13151, 13154, 13155, 13167
  and
  13149, 13153, 13179

CVE-2007-4066: multiple flaws

      13215: multiplexed/non Vorbis stream support
             [heap read, potential heap write]

      13211: better return value checking of seeks
             [heap read, potential heap write]

      13169,13170,13172: correctly handle codebooks with zero entries
                         [heap read/write]

      13168: low bitrate static mode declaration error
             [static read, heap read, potential heap write]

      13162: static initializer declarations, check-before-free error fixes
             [heap read/write]


Reply at: 
https://bugs.launchpad.net/ubuntu/+source/libvorbis/+bug/185031/comments/1

------------------------------------------------------------------------
On 2008-01-17T15:47:49+00:00 Red wrote:

This issue was addressed in:

Red Hat Enterprise Linux:
  http://rhn.redhat.com/errata/RHSA-2007-0845.html
  http://rhn.redhat.com/errata/RHSA-2007-0912.html

Fedora:
  https://admin.fedoraproject.org/updates/F7/FEDORA-2007-1765


Reply at:
https://bugs.launchpad.net/ubuntu/+source/libvorbis/+bug/185031/comments/2


** Changed in: libvorbis (Fedora)
   Importance: Unknown => High

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2007-4029

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2007-4065

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to libvorbis in Ubuntu.
https://bugs.launchpad.net/bugs/185031

Title:
  [libvorbis] [CVE-2007-4066] multiple buffer overflows in libvorbis
  before 1.2.0

Status in libvorbis package in Ubuntu:
  Fix Released
Status in libvorbis source package in Dapper:
  Won't Fix
Status in libvorbis package in Fedora:
  Fix Released

Bug description:
  References:
  DSA-1471-1 (http://www.debian.org/security/2008/dsa-1471)

  Quoting CVE-2007-4066:
  "Multiple buffer overflows in Xiph.Org libvorbis before 1.2.0 allow 
context-dependent attackers to cause a denial of service or have other 
unspecified impact via a crafted OGG file, aka trac Changesets 13162, 13168, 
13169, 13170, 13172, 13211, and 13215, as demonstrated by an overflow in 
oggenc.exe related to the _psy_noiseguards_8 array."

  DSA-1471-1 also mentions CVE-2007-3106 and CVE-2007-4029, which have
  been fixed in USN-498-1.
