Bug 20051

Summary: heap overflow in VOC and AIFF file parsers (CVE-2009-1788, CVE-2009-1791)
Product: Sisyphus
Reporter: Vladimir Lettiev <crux>
Component: libsndfile
Assignee: Valery Inozemtsev <shrek>
Status: CLOSED FIXED
QA Contact: qa-sisyphus
Severity: blocker
Priority: P3
CC: shrek
Version: unstable
Keywords: security
Hardware: all
OS: Linux
URL: http://www.mega-nerd.com/erikd/Blog/CodeHacking/libsndfile/rel_20.html

Description Vladimir Lettiev 2009-05-15 10:33:07 MSD
Buffer overflow bugs have been found in the VOC file parser (Tobias Klein, http://www.trapkit.de/) and the AIFF file parser (Erik de Castro Lopo, http://www.mega-nerd.com/erikd/Blog/).
Upstream has released fixes in the new version 1.0.20.
Comment 1 Repository Robot 2009-05-15 18:51:38 MSD
libsndfile-1.0.20-alt1 -> sisyphus:

* Fri May 15 2009 Valery Inozemtsev <shrek@altlinux> 1.0.20-alt1

- fixed potential heap overflow in VOC file parser (closes: #20051)
Comment 2 Vladimir Lettiev 2009-05-17 00:18:59 MSD
ok
Comment 3 Vladimir Lettiev 2009-05-25 20:19:40 MSD
closed