GNU bug report logs - #49817
[PATCH] gnu: libsndfile: Update to 1.1.0beta1 [fixes CVE-2021-3246].

Previous Next

Package: guix-patches;

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Sun, 1 Aug 2021 22:33:01 UTC

Severity: normal

Tags: patch, security

Done: Andreas Enge <andreas <at> enge.fr>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Bruno Victal <mirai <at> makinata.eu>
To: Leo Famulari <leo <at> famulari.name>
Cc: 49817 <at> debbugs.gnu.org
Subject: [bug#49817] [PATCH] gnu: libsndfile: Update to 1.1.0beta1 [fixes CVE-2021-3246].
Date: Sun, 2 Apr 2023 13:59:16 +0100

Hi Leo,

On 2021-08-01 23:31, Leo Famulari wrote:
> CVE-2021-3246 is "A heap buffer overflow vulnerability in msadpcm_decode_block
> of libsndfile 1.0.30 allows attackers to execute arbitrary code via a crafted
> WAV file."
> 
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3246

What's blocking this from being merged?
(Perhaps it's also a chance to plug it into core-updates to avoid adding the variants?)

Cheers,
Bruno

This bug report was last modified 2 years and 24 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #49817 [PATCH] gnu: libsndfile: Update to 1.1.0beta1 [fixes CVE-2021-3246].

GNU bug report logs - #49817
[PATCH] gnu: libsndfile: Update to 1.1.0beta1 [fixes CVE-2021-3246].