Univention Bugzilla – Bug 47561
taglib: Multiple issues (4.2)
Last modified: 2018-08-15 16:20:51 CEST
New Debian taglib 1.9.1-2.1+deb8u1 fixes:

This update addresses the following issue(s):
* The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file. (CVE-2018-11439)

1.9.1-2.1+deb8u1 (Wed, 18 Jul 2018 10:03:02 +0200)
* Non-maintainer upload by the LTS Team.
* CVE-2018-11439
  Fix for a heap-based buffer over-read via a crafted audio file.
* CVE-2018-11439 taglib: heap-based buffer over-read via a crafted audio file (CVE-2018-11439)
--- mirror/ftp/4.2/unmaintained/4.2-0/source/taglib_1.9.1-2.1.dsc +++ apt/ucs_4.2-0-errata4.2-4/source/taglib_1.9.1-2.1+deb8u1.dsc @@ -1,3 +1,9 @@ +1.9.1-2.1+deb8u1 [Wed, 18 Jul 2018 10:03:02 +0200] Thorsten Alteholz <debian@alteholz.de>: + + * Non-maintainer upload by the LTS Team. + * CVE-2018-11439 + Fix for a heap-based buffer over-read via a crafted audio file. + 1.9.1-2.1 [Thu, 26 Jun 2014 13:15:27 +0100] Anibal Monsalve Salazar <anibal@debian.org>: * Non-maintainer upload. <http://10.200.17.11/4.2-4/#5992582703193684217>
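Review bot: The added 1.9.1-2.1+deb8u1 changelog entry identifies the fix only as "CVE-2018-11439 Fix for a heap-based buffer over-read via a crafted audio file" and does not say which source file or function was changed. Naming the affected code, which the bug description gives as TagLib::Ogg::FLAC::File::scan in oggflacfile.cpp, would let a reader confirm that the backport to 1.9.1 touches the same code path as the advisory, which is written against TagLib 1.11.1.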
OK: yaml
OK: errata-announce
OK: patch
OK: piuparts

[4.2-4] 2470c24a79 Bug #47561: taglib 1.9.1-2.1+deb8u1
 doc/errata/staging/taglib.yaml | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

[4.2-4] 28d660c48c Bug #47561: taglib 1.9.1-2.1+deb8u1
 doc/errata/staging/taglib.yaml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
<http://errata.software-univention.de/ucs/4.2/482.html>