Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits: 1091e88e by Markus Koschany at 2018-02-10T22:40:04+01:00 CVE-2016-2541,audacity: Wheezy is not affected This version builds against the system library of libmad. The embedded code copy was apparently removed. Not sure if Debian's system library is vulnerable or if this issue is already reported as one of the open CVEs against libmad. - - - - - 6dda1438 by Markus Koschany at 2018-02-10T22:51:17+01:00 Is CVE-2017-8373 and CVE-2017-8372 related to CVE-2016-2541? - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -44304,6 +44304,7 @@ CVE-2017-8373 (The mad_layer_III function in layer3.c in Underbit MAD libmad 0.1 NOTE: https://blogs.gentoo.org/ago/2017/04/30/libmad-heap-based-buffer-overflow-in-mad_layer_iii-layer3-c/ NOTE: The patch from #508133 applied in 0.15.1b-4 only partially fixed it NOTE: "Duplicate with"/basically same as CVE-2017-8372 + NOTE: Is this related to CVE-2016-2541? CVE-2017-8372 (The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b, ...) - libmad 0.15.1b-9 (bug #287519) NOTE: https://blogs.gentoo.org/ago/2017/04/30/libmad-assertion-failure-in-layer3-c/ @@ -91329,6 +91330,7 @@ CVE-2016-3171 (Drupal 6.x before 6.38, when used with PHP before 5.4.45, 5.5.x b NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19 CVE-2016-2541 (Audacity before 2.1.2 allows remote attackers to cause a denial of ...) - audacity 2.1.2-1 + [wheezy] - audacity <not-affected> (vulnerable code not present) NOTE: http://wiki.audacityteam.org/wiki/Release_Notes_2.1.2 NOTE: https://github.com/audacity/audacity/commit/85026f98958a8dcc09188be24a8db0385988e23f CVE-2016-2540 (Audacity before 2.1.2 allows remote attackers to cause a denial of ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/45070c03a838aa510e0aee109341015dd5b9a239...6dda1438a4e2a8bbea92cdea54f41e8b33064c79 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/45070c03a838aa510e0aee109341015dd5b9a239...6dda1438a4e2a8bbea92cdea54f41e8b33064c79 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits