Page MenuHomeSolus
Differential D788

Update mpg123 to 1.25.6 for CVE-2017-12797
ClosedPublic
Actions

Authored by kyrios123 on Aug 9 2017, 9:23 AM.
Tags
Referenced Files
F11027989: D788.id1726.diff
Wed, Aug 9, 5:33 AM
F11015582: D788.id1726.diff
Sat, Aug 5, 12:48 PM
F10994506: D788.diff
Tue, Jul 25, 11:17 PM
F10985459: D788.id1762.diff
Sun, Jul 23, 9:38 PM
F10873722: D788.id1762.diff
Jun 19 2023, 5:05 PM
F10873708: D788.id1726.diff
Jun 19 2023, 5:01 PM
F10833493: D788.id1726.diff
Jun 6 2023, 10:58 PM
F10766143: D788.id1762.diff
May 19 2023, 4:55 PM
View All 11 Files
Subscribers
sunnyflunk

Details

Reviewers
sunnyflunk
Group Reviewers
Triage Team
Commits
R2106:09388f761123: Update mpg123 to 1.25.6 for CVE-2017-12797
Summary
  • Fixes CVE-2017-12797
  • Hotfix for bug 255: Overflow reading frame data bits in layer II decoding. Now, all-zero data is returned if the frame data is exhausted. This might have a slight impact on performance, but not easily measurable so far.
  • There was a longer-lasting buffer read overflow in the ID3 parser because code added in 2008 did not take care of possible integer overflow in an addition on platforms where long is 32 bits wide. This has been reported as bug 254. Upgrade on 32 bit platforms highly recommened, of course. We are still not talking about something nasty like code injection, but possible denial of service, although it was only recently discovered by the AddressSanitizer.

Signed-off-by: Pierre-Yves <pyu@riseup.net>

Test Plan

mpg123 wave.mp3

Diff Detail

Repository
R2106 mpg123
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

kyrios123 created this revision.Aug 9 2017, 9:23 AM
Herald added a reviewer: Triage Team. · View Herald TranscriptAug 9 2017, 9:23 AM
kyrios123 updated this revision to Diff 1762.Aug 11 2017, 7:43 PM
kyrios123 retitled this revision from Update mpg123 to 1.25.5 to Update mpg123 to 1.25.6.
kyrios123 edited the summary of this revision. (Show Details)

bump to 1.25.6

kyrios123 retitled this revision from Update mpg123 to 1.25.6 to Update mpg123 to 1.25.6 for CVE-2017-12797.Sep 5 2017, 9:16 AM
kyrios123 edited the summary of this revision. (Show Details)
kyrios123 added a project: Restricted Project.
sunnyflunk accepted this revision.Sep 5 2017, 12:16 PM
sunnyflunk added a subscriber: sunnyflunk.

LGTM, thanks

This revision is now accepted and ready to land.Sep 5 2017, 12:16 PM
Closed by commit R2106:09388f761123: Update mpg123 to 1.25.6 for CVE-2017-12797 (authored by kyrios123, committed by sunnyflunk). · Explain WhySep 5 2017, 12:24 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
6 lines
16 lines

Diff 2100

View Options

package.yml

Loading...
View Options

pspec_x86_64.xml

Loading...
Copyright © 2015-2021 Solus Project. The Solus logo is Copyright © 2016-2021 Solus Project. All Rights Reserved.