Publishing details

• Published on 2018-06-23

Changelog

libmad (0.15.1b-8+deb8u1) jessie-security; urgency=high

  * Properly check the size of the main data. The previous patch
    only checked that it could fit in the buffer, but didn't ensure there
    was actually enough room free in the buffer. This was assigned both
    CVE-2017-8372 and CVE-2017-8373, but they are really the same, just a
    different way to detect it. (Closes: #287519)
  * Rewrite patch to check the size of buffer. It now checks it before reading
    it instead of afterwards checking that we did read too much. This now also
    covers parsing the frame and layer3, not just layer 1 and 2. This was
    original reported in #508133. CVE-2017-8374 mentions a case in layer 3.

 -- Kurt Roeckx <email address hidden>  Tue, 01 May 2018 13:20:28 +0200

Builds

Package files

• libmad_0.15.1b-8+deb8u1.diff.gz (13.2 KiB)
• libmad_0.15.1b-8+deb8u1.dsc (1.9 KiB)
• libmad_0.15.1b.orig.tar.gz (490.6 KiB)