[Bug 527033] Re: CVE-2008-5824 audiofile denial of service (application crash) or possibly execute arbitrary code via a crafted WAV file

2010-03-23 Thread ozzie
** Changed in: audiofile (Ubuntu Jaunty) Assignee: (unassigned) => ozzie (toplisowen7) -- CVE-2008-5824 audiofile denial of service (application crash) or possibly execute arbitrary code via a crafted WAV file https://bugs.launchpad.net/bugs/527033 You received this bug notification because

[Bug 527033] Re: CVE-2008-5824 audiofile denial of service (application crash) or possibly execute arbitrary code via a crafted WAV file

2010-03-23 Thread Marc Deslauriers
** Changed in: audiofile (Ubuntu Jaunty) Assignee: ozzie (toplisowen7) => (unassigned)

[Bug 527033] Re: CVE-2008-5824 audiofile denial of service (application crash) or possibly execute arbitrary code via a crafted WAV file

2010-03-16 Thread Launchpad Bug Tracker
This bug was fixed in the package audiofile - 0.2.6-7ubuntu2.1 --- audiofile (0.2.6-7ubuntu2.1) karmic-security; urgency=high * SECURITY UPDATE: Heap-based buffer overflow in msadpcm.c in libaudiofile in audiofile 0.2.6 allows context-dependent attackers to cause a denial

[Bug 527033] Re: CVE-2008-5824 audiofile denial of service (application crash) or possibly execute arbitrary code via a crafted WAV file

2010-03-16 Thread Launchpad Bug Tracker
This bug was fixed in the package audiofile - 0.2.6-7ubuntu1.8.04.1 --- audiofile (0.2.6-7ubuntu1.8.04.1) hardy-security; urgency=low * SECURITY UPDATE: Heap-based buffer overflow in msadpcm.c in libaudiofile in audiofile 0.2.6 allows context-dependent attackers to cause a

[Bug 527033] Re: CVE-2008-5824 audiofile denial of service (application crash) or possibly execute arbitrary code via a crafted WAV file

2010-03-16 Thread Launchpad Bug Tracker
This bug was fixed in the package audiofile - 0.2.6-7ubuntu1.9.04.1 --- audiofile (0.2.6-7ubuntu1.9.04.1) jaunty-security; urgency=low * SECURITY UPDATE: Heap-based buffer overflow in msadpcm.c in libaudiofile in audiofile 0.2.6 allows context-dependent attackers to cause a

[Bug 527033] Re: CVE-2008-5824 audiofile denial of service (application crash) or possibly execute arbitrary code via a crafted WAV file

2010-03-16 Thread Launchpad Bug Tracker
This bug was fixed in the package audiofile - 0.2.6-7ubuntu1.8.10.1 --- audiofile (0.2.6-7ubuntu1.8.10.1) intrepid-security; urgency=low * SECURITY UPDATE: Heap-based buffer overflow in msadpcm.c in libaudiofile in audiofile 0.2.6 allows context-dependent attackers to cause a

[Bug 527033] Re: CVE-2008-5824 audiofile denial of service (application crash) or possibly execute arbitrary code via a crafted WAV file

2010-03-16 Thread Launchpad Bug Tracker
** Branch linked: lp:ubuntu/hardy-security/normalize-audio ** Branch linked: lp:ubuntu/dapper-security/normalize-audio ** Branch linked: lp:ubuntu/karmic-security/normalize-audio ** Branch linked: lp:ubuntu/jaunty-security/normalize-audio ** Branch linked:

[Bug 527033] Re: CVE-2008-5824 audiofile denial of service (application crash) or possibly execute arbitrary code via a crafted WAV file

2010-03-16 Thread Artur Rona
What about dapper? Stefan, could you prepare fix for dapper?

[Bug 527033] Re: CVE-2008-5824 audiofile denial of service (application crash) or possibly execute arbitrary code via a crafted WAV file

2010-03-16 Thread Marc Deslauriers
Dapper was published; the status doesn't get changed automatically for dapper packages. ** Changed in: audiofile (Ubuntu Dapper) Status: Confirmed => Fix Released

[Bug 527033] Re: CVE-2008-5824 audiofile denial of service (application crash) or possibly execute arbitrary code via a crafted WAV file

2010-03-07 Thread Stefan Lesicnik
Untested (My dapper vm is awol) ** Attachment added: audiofile-dapper.debdiff http://launchpadlibrarian.net/40412257/audiofile-dapper.debdiff

[Bug 527033] Re: CVE-2008-5824 audiofile denial of service (application crash) or possibly execute arbitrary code via a crafted WAV file

2010-03-07 Thread Stefan Lesicnik
Normalize audio. Untested again (apart from patching and building) ** Attachment added: dapper-normalize-audio.debdiff http://launchpadlibrarian.net/40412285/dapper-normalize-audio.debdiff

[Bug 527033] Re: CVE-2008-5824 audiofile denial of service (application crash) or possibly execute arbitrary code via a crafted WAV file

2010-03-07 Thread Stefan Lesicnik
Should be all patches. Sec team can test and upload. If there's anything else, please let me know

[Bug 527033] Re: CVE-2008-5824 audiofile denial of service (application crash) or possibly execute arbitrary code via a crafted WAV file

2010-03-05 Thread Jamie Strandboge
0.2.6-7.1 has the fix and Lucid has 0.2.6-8ubuntu1. Marking Lucid task as 'Invalid'. ** Also affects: audiofile (Ubuntu Lucid) Importance: Medium Assignee: Stefan Lesicnik (stefanlsd) Status: Confirmed ** Changed in: audiofile (Ubuntu Lucid) Status: Confirmed => Invalid **

[Bug 527033] Re: CVE-2008-5824 audiofile denial of service (application crash) or possibly execute arbitrary code via a crafted WAV file

2010-03-02 Thread Stefan Lesicnik
Karmic diff for audiofile is in branch (linked at top of this report), attached is patch for normalize-audio for karmic ldd /usr/bin/normalize-audio linux-vdso.so.1 => (0x7fffb5894000) libmad.so.0 => /usr/lib/libmad.so.0 (0x7f5f8244c000) libaudiofile.so.0 =>

[Bug 527033] Re: CVE-2008-5824 audiofile denial of service (application crash) or possibly execute arbitrary code via a crafted WAV file

2010-03-02 Thread Brian Murray
** Tags added: patch

[Bug 527033] Re: CVE-2008-5824 audiofile denial of service (application crash) or possibly execute arbitrary code via a crafted WAV file

2010-03-02 Thread Stefan Lesicnik
Above test done with the POC max_theme.wav mdeslaur PoC: http://filebin.ca/meqmyu/max_theme.wav

[Bug 527033] Re: CVE-2008-5824 audiofile denial of service (application crash) or possibly execute arbitrary code via a crafted WAV file

2010-03-02 Thread Stefan Lesicnik
Attaching debdiff for audiofile and normalize-audio for hardy. These are applicable to hardy, intrepid, jaunty (same versions). ** Attachment added: hardy-audiofile.debdiff http://launchpadlibrarian.net/39960849/hardy-audiofile.debdiff

[Bug 527033] Re: CVE-2008-5824 audiofile denial of service (application crash) or possibly execute arbitrary code via a crafted WAV file

2010-03-02 Thread Stefan Lesicnik
normalize audio patch. testing for hardy as follows Before normalize-audio max_theme.wav Computing levels... *** glibc detected *** normalize-audio: double free or corruption (out): 0x006162c0 *** === Backtrace: = /lib/libc.so.6[0x7ffa4670b08a]

[Bug 527033] Re: CVE-2008-5824 audiofile denial of service (application crash) or possibly execute arbitrary code via a crafted WAV file

2010-02-24 Thread Launchpad Bug Tracker
** Branch linked: lp:~stefanlsd/ubuntu/karmic/audiofile/merge-lenny1

[Bug 527033] Re: CVE-2008-5824 audiofile denial of service (application crash) or possibly execute arbitrary code via a crafted WAV file

2010-02-24 Thread Marc Deslauriers
** Also affects: audiofile (Ubuntu Dapper) Importance: Undecided Status: New ** Also affects: audiofile (Ubuntu Hardy) Importance: Undecided Status: New ** Also affects: audiofile (Ubuntu Karmic) Importance: Undecided Status: New ** Also affects: audiofile (Ubuntu

[Bug 527033] Re: CVE-2008-5824 audiofile denial of service (application crash) or possibly execute arbitrary code via a crafted WAV file

2010-02-24 Thread Stefan Lesicnik
Two packages are currently affected. audiofile and normalize-audio. Both are currently fixed for Lucid. Currently doing testing for Karmic.

[Bug 527033] Re: CVE-2008-5824 audiofile denial of service (application crash) or possibly execute arbitrary code via a crafted WAV file

2010-02-24 Thread Stefan Lesicnik
This is fixed in Lucid already and CVE tracker can be updated. ** Changed in: audiofile (Ubuntu) Importance: Undecided => Low ** Changed in: audiofile (Ubuntu) Status: New => Confirmed ** Changed in: audiofile (Ubuntu) Assignee: (unassigned) => Stefan Lesicnik (stefanlsd)