[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2016-2541, audacity: Wheezy is not affected

Sat, 10 Feb 2018 13:52:58 -0800 

Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1091e88e by Markus Koschany at 2018-02-10T22:40:04+01:00
CVE-2016-2541,audacity: Wheezy is not affected

This version builds against the system library of libmad. The embedded code
copy was apparently removed. Not sure if Debian's system library is 
vulnerable
or if this issue is already reported as one of the open CVEs against libmad.

- - - - -
6dda1438 by Markus Koschany at 2018-02-10T22:51:17+01:00
Is CVE-2017-8373 and CVE-2017-8372 related to CVE-2016-2541?

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -44304,6 +44304,7 @@ CVE-2017-8373 (The mad_layer_III function in layer3.c 
in Underbit MAD libmad 0.1
        NOTE: 
https://blogs.gentoo.org/ago/2017/04/30/libmad-heap-based-buffer-overflow-in-mad_layer_iii-layer3-c/
        NOTE: The patch from #508133 applied in 0.15.1b-4 only partially fixed 
it
        NOTE: "Duplicate with"/basically same as CVE-2017-8372
+       NOTE: Is this related to CVE-2016-2541?
 CVE-2017-8372 (The mad_layer_III function in layer3.c in Underbit MAD libmad 
0.15.1b, ...)
        - libmad 0.15.1b-9 (bug #287519)
        NOTE: 
https://blogs.gentoo.org/ago/2017/04/30/libmad-assertion-failure-in-layer3-c/
@@ -91329,6 +91330,7 @@ CVE-2016-3171 (Drupal 6.x before 6.38, when used with 
PHP before 5.4.45, 5.5.x b
        NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19
 CVE-2016-2541 (Audacity before 2.1.2 allows remote attackers to cause a denial 
of ...)
        - audacity 2.1.2-1
+       [wheezy] - audacity <not-affected> (vulnerable code not present)
        NOTE: http://wiki.audacityteam.org/wiki/Release_Notes_2.1.2
        NOTE: 
https://github.com/audacity/audacity/commit/85026f98958a8dcc09188be24a8db0385988e23f
 CVE-2016-2540 (Audacity before 2.1.2 allows remote attackers to cause a denial 
of ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/45070c03a838aa510e0aee109341015dd5b9a239...6dda1438a4e2a8bbea92cdea54f41e8b33064c79

---
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/45070c03a838aa510e0aee109341015dd5b9a239...6dda1438a4e2a8bbea92cdea54f41e8b33064c79
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to