Sync flac 1.3.0-3 (main) from Debian unstable (main)
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
flac (Ubuntu) | Fix Released | Wishlist | Unassigned |
Bug Description
Please sync flac 1.3.0-3 (main) from Debian unstable (main)
Explanation of the Ubuntu delta and why it can be dropped:
* SECURITY UPDATE: arbitrary code execution via crafted .flac file
- debian/
src/
- CVE-2014-8962
* SECURITY UPDATE: arbitrary code execution via crafted .flac file
- debian/
in src/libFLAC/
- CVE-2014-9028
These security fixes were done in Debian.
Changelog entries since current vivid version 1.3.0-2ubuntu1:
flac (1.3.0-3) unstable; urgency=high
* Fixes for CVE-2014-8962 and CVE-2014-9028:
+ Backport three patches from upstream GIT repository:
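- CVE-2014-8962.patch: Fix a buffer read overflow.
- CVE-2014-9028.patch: Avoid a heap overflow.
- CVE-2014-9028-2.patch: Avoid a heap overflow. Closely related to
the former fix, but strictly speaking not the same vulnerability.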
+ Closes: #770918.
+ Thanks Erik de Castro Lopo for the bug report and the upstream fixes!
-- Fabian Greffrath <email address hidden> Thu, 27 Nov 2014 16:52:51 +0100
Changed in flac (Ubuntu):
importance: Undecided → Wishlist
This bug was fixed in the package flac - 1.3.0-3
Sponsored for Logan Rosen (logan)
---------------
flac (1.3.0-3) unstable; urgency=high
* Fixes for CVE-2014-8962 and CVE-2014-9028:
+ Backport three patches from upstream GIT repository:
- CVE-2014-8962.patch: Fix a buffer read overflow.
- CVE-2014-9028.patch: Avoid a heap overflow.
- CVE-2014-9028-2.patch: Avoid a heap overflow. Closely related to
the former fix, but strictly speaking not the same vulnerability.
+ Closes: #770918.
+ Thanks Erik de Castro Lopo for the bug report and the upstream fixes!
-- Fabian Greffrath <email address hidden> Thu, 27 Nov 2014 16:52:51 +0100