mp3splt 2.6.2+20170630-2 source package in Debian

Changelog

mp3splt (2.6.2+20170630-2) unstable; urgency=medium

  * Properly zero the ogg and vorbis state structures after they are malloc'd.
    This fixes the second issue that was indicated in CVE-2017-11333, which
    isn't actually the fault of libvorbis.  It's caused by the libmp3splt ogg
    plugin unwinding when the error in the test file is detected, and calling
    vorbis_block_clear() on an uninitialised vorbis_block struct before the
    call to vorbis_block_init() occurs.  Similar things would go badly for the
    other uninitialised structs if this one didn't explode first.

 -- Ron Lee <email address hidden>  Wed, 27 Sep 2017 03:21:24 +0930

Upload details

Uploaded by: Ron Lee
Uploaded to: Sid
Original maintainer: Ron Lee
Architectures: any
Section: sound
Urgency: Medium Urgency


Downloads

File Size SHA-256 Checksum
mp3splt_2.6.2+20170630-2.dsc 2.2 KiB b4331c57a85979accd235b4efefca9e47e2eb06d531a54a1710482d5903a67f9
mp3splt_2.6.2+20170630.orig.tar.gz 1.9 MiB 20d940415759735549dbc5b9a974aaaba8fddb41572a0b7e3535de6e4b375e44
mp3splt_2.6.2+20170630-2.diff.gz 6.0 KiB 7d60901dd0495c710d3f51b933bc1cedafb4eca612578cdc0f6f9ede0ceff207

Available diffs

No changes file available.
