Debian
libmad package

libmad 0.15.1b-8+deb9u1 source package in Debian

Changelog

libmad (0.15.1b-8+deb9u1) stretch-security; urgency=high

  * Properly check the size of the main data. The previous patch
    only checked that it could fit in the buffer, but didn't ensure there
    was actually enough room free in the buffer. This was assigned both
    CVE-2017-8372 and CVE-2017-8373, but they are really the same, just a
    different way to detect it. (Closes: #287519)
  * Rewrite patch to check the size of buffer. It now checks it before reading
    it instead of afterwards checking that we did read too much. This now also
    covers parsing the frame and layer3, not just layer 1 and 2. This was
    original reported in #508133. CVE-2017-8374 mentions a case in layer 3.

 -- Kurt Roeckx <email address hidden>  Tue, 01 May 2018 13:20:28 +0200

Upload details

Uploaded by:
Mad Maintainers
Uploaded to:
Stretch
Original maintainer:
Mad Maintainers
Architectures:
any
Section:
libs
Urgency:
Very Urgent

See full publishing history Publishing

Series Pocket Published Component Section
Stretch release main libs

Builds

Downloads

File Size SHA-256 Checksum
libmad_0.15.1b-8+deb9u1.dsc 1.9 KiB 022e21d5adaa93adb98b604b5aa444df85f55eb2365d9f26b340976b3ad7ebaa
libmad_0.15.1b.orig.tar.gz 490.6 KiB bbfac3ed6bfbc2823d3775ebb931087371e142bb0e9bb1bee51a76a6e0078690
libmad_0.15.1b-8+deb9u1.diff.gz 13.2 KiB e9f0d81cfeea77e3e6b09ff153c65b6a3d5232382e70b7a754c447720d8a12c2

No changes file available.

Binary packages built by this source