GNU bug report logs - #36910
CVE patches for libmad

Previous Next

Package: guix;

Reported by: marit <at> secmail.pro

Date: Sat, 3 Aug 2019 15:18:03 UTC

Severity: important

Tags: security

Merged with 36909

Done: Mark H Weaver <mhw <at> netris.org>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 36910 in the body.
You can then email your comments to 36910 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to help-debbugs <at> gnu.org:
bug#36910; Package libmad. (Sat, 03 Aug 2019 15:18:03 GMT) Full text and rfc822 format available.
Acknowledgement sent to marit <at> secmail.pro:
New bug report received and forwarded. Copy sent to help-debbugs <at> gnu.org. (Sat, 03 Aug 2019 15:18:03 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: marit <at> secmail.pro
To: bug-guix <at> gnu.org
Subject: CVE patches for libmad
Date: Sat, 3 Aug 2019 05:56:31 -0700

Package: libmad
Version: 0.15.1b
Tags: security
Severity: important

Hello!

I think that package "libmad" should be updated to include fixes for the
following vulnerabilities: CVE-2017-8372, CVE-2017-8373, CVE-2017-8374.
This can be done by applying md_size.diff and replacing
libmad-frame-length.patch with length-check.diff (*.diff are from Debian
GNU/Linux).

Best regards!
Merged 36909 36910. Request was from marit <at> secmail.pro to control <at> debbugs.gnu.org. (Sat, 03 Aug 2019 17:47:01 GMT) Full text and rfc822 format available.
Merged 36909 36910. Request was from Glenn Morris <rgm <at> gnu.org> to control <at> debbugs.gnu.org. (Sat, 03 Aug 2019 17:48:02 GMT) Full text and rfc822 format available.
bug reassigned from package 'libmad' to 'guix'. Request was from Glenn Morris <rgm <at> gnu.org> to control <at> debbugs.gnu.org. (Sat, 03 Aug 2019 17:49:02 GMT) Full text and rfc822 format available.
bug No longer marked as found in versions 0.15.1b. Request was from Glenn Morris <rgm <at> gnu.org> to control <at> debbugs.gnu.org. (Sat, 03 Aug 2019 17:49:02 GMT) Full text and rfc822 format available.
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Tue, 03 Sep 2019 11:24:04 GMT) Full text and rfc822 format available.
This bug report was last modified 5 years and 351 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.