mp3splt 2.6.2+20170630-2 source package in Debian
Changelog
mp3splt (2.6.2+20170630-2) unstable; urgency=medium

  * Properly zero the ogg and vorbis state structures after they are
    malloc'd. This fixes the second issue that was indicated in
    CVE-2017-11333, which isn't actually the fault of libvorbis. It's
    caused by the libmp3splt ogg plugin unwinding when the error in the
    test file is detected, and calling vorbis_block_clear() on an
    uninitialised vorbis_block struct before the call to
    vorbis_block_init() occurs. Similar things would go badly for the
    other uninitialised structs if this one didn't explode first.

 -- Ron Lee <email address hidden>  Wed, 27 Sep 2017 03:21:24 +0930
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
mp3splt_2.6.2+20170630-2.dsc | 2.2 KiB | b4331c57a85979accd235b4efefca9e47e2eb06d531a54a1710482d5903a67f9 |
mp3splt_2.6.2+20170630.orig.tar.gz | 1.9 MiB | 20d940415759735549dbc5b9a974aaaba8fddb41572a0b7e3535de6e4b375e44 |
mp3splt_2.6.2+20170630-2.diff.gz | 6.0 KiB | 7d60901dd0495c710d3f51b933bc1cedafb4eca612578cdc0f6f9ede0ceff207 |
Available diffs
- diff from 2.6.2-0.1 to 2.6.2+20170630-2 (1.8 MiB)
No changes file available.