Changelog
libmad (0.15.1b-8+deb9u1) stretch-security; urgency=high
* Properly check the size of the main data. The previous patch
only checked that it could fit in the buffer, but didn't ensure there
was actually enough room free in the buffer. This was assigned both
CVE-2017-8372 and CVE-2017-8373, but they are really the same, just a
different way to detect it. (Closes: #287519)
* Rewrite patch to check the size of buffer. It now checks it before reading
it instead of afterwards checking that we did read too much. This now also
covers parsing the frame and layer3, not just layer 1 and 2. This was
original reported in #508133. CVE-2017-8374 mentions a case in layer 3.
-- Kurt Roeckx <email address hidden> Tue, 01 May 2018 13:20:28 +0200