Re: [blfs-book] [BLFS Trac] #9501: mpg123-1.25.3

Sun, 30 Jul 2017 14:08:27 -0700 

#9501: mpg123-1.25.3
-------------------------+-----------------------
 Reporter:  bdubbs@…     |       Owner:  bdubbs@…
     Type:  enhancement  |      Status:  assigned
 Priority:  normal       |   Milestone:  8.1
Component:  BOOK         |     Version:  SVN
 Severity:  normal       |  Resolution:
 Keywords:               |
-------------------------+-----------------------

Comment (by bdubbs@…):

 1.25.3

  libmpg123:
  - Better checks for xrpnt overflow in III_dequantize_sample() before each
    use, avoiding false positives and catching cases that were rendered
    harmless by alignment-enlarged buffers.

 1.25.2

 - libmpg123:
    - Extend pow tables for layer III to properly handle files with
 i-stereo and
    5-bit scalefactors. Never observed them for real, just as fuzzed input
 to
    trigger the read overflow. Note: This one goes on record as
 CVE-2017-11126,
    calling remote denial of service. While the accesses are out of bounds
 for
    the pow tables, they still are safely within libmpg123's memory (other
    static tables). Just wrong values are used for computation, no actual
 crash
    unless you use something like GCC's AddressSanitizer, nor any
 information
    disclosure.
 - Avoid left-shifts of negative integers in layer I decoding.

 1.25.1: Hot Fuzz

 libmpg123:
  - Avoid memset(NULL, 0, 0) to calm down the paranoid.
  - Fix bug 252, invalid read of size 1 in ID3v2 parser due to forgotten
    offset from the frame flag bytes (unnoticed in practice for a long
    time). Fuzzers are in the house again. This one got CVE-2017-10683.
  - Avoid a mostly harmless conditional jump depending on uninitialised
    fr->lay in compute_bpf() (mpg123_position()) when track is not ready
 yet.
  - Fix undefined shifts on signed long mask in layer3.c (worked in
 practice,
    never right in theory). Code might be a bit faster now, even.
    Thanks to Agostino Sarubbo for reporting.

--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/9501#comment:2>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch
-- 
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

Reply via email to