GNU bug report logs - #36909
CVE-2017-837{2,3,4} patches for libmad from Debian

Previous Next

Package: guix;

Reported by: marit <at> secmail.pro

Date: Sat, 3 Aug 2019 15:18:02 UTC

Severity: important

Tags: security

Merged with 36910

Done: Mark H Weaver <mhw <at> netris.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: marit <at> secmail.pro
To: bug-guix <at> gnu.org
Subject: bug#36909: CVE-2017-837{2,3,4} patches for libmad from Debian
Date: Sat, 3 Aug 2019 05:12:24 -0700

Package: libmad
Version: 0.15.1b
Tags: security
Severity: important

Hello!
I think that package "libmad" should be updated to include fixes for the
following vulnerabilities:
https://security-tracker.debian.org/tracker/CVE-2017-8372,
https://security-tracker.debian.org/tracker/CVE-2017-8373,
https://security-tracker.debian.org/tracker/CVE-2017-8374.
This can be done by applying md_size.diff from Debian and replacing
libmad-frame-length.patch with length-check.diff from Debian.

This bug report was last modified 5 years and 354 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #36909 CVE-2017-837{2,3,4} patches for libmad from Debian

GNU bug report logs - #36909
CVE-2017-837{2,3,4} patches for libmad from Debian