Package: libid3tag Version: 0.15.1b-10 Severity: important Tags: security patch
Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for libid3tag. CVE-2008-2109[0]: | field.c in the libid3tag 0.15.0b library allows context-dependent | attackers to cause a denial of service (CPU consumption) via an | ID3_FIELD_TYPE_STRINGLIST field that ends in '\0', which triggers an | infinite loop. Patch: http://bugs.gentoo.org/attachment.cgi?id=143858 If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2109 http://security-tracker.debian.net/tracker/CVE-2008-2109 -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgp1NfZNtL8Hq.pgp
Description: PGP signature
