Hi Kurt,
* Kurt Roeckx <[EMAIL PROTECTED]> [2008-05-08 19:03]:
> On Thu, May 08, 2008 at 05:44:54PM +0200, Nico Golde wrote:
> > Package: libid3tag
> > Version: 0.15.1b-10
> > Severity: important
> > Tags: security patch
> >
> > Hi,
> > the following CVE (Common Vulnerabilities & Exposures) id was
> > published for libid3tag.
>
> I believe this is the same as #304913 and is fixed in version
> 0.15.1b-5. The diff is at a deeper level than what they did.
> They prevent calling id3_parse_string() again, while our
> id3_utf16_deserialize() called by id3_parse_string() just makes
> sure it's not called again by increasing ptr by one.
>
> The test.mp3 from the gentoo bug report at least also shows the OOM
> behaviour with version 0.15.1b-4.1 and doesn't show the problem with
> 0.15.1b-10.
>
> Note that we changed the diff we used in 0.15.1b-5 because
> it could cause a segfault, and it was rewritten in 0.15.1b-8.

Thanks for pointing this out, you are right, this is the same issue.
ID3_FIELD_TYPE_STRINGLIST is a single-line unicode string.
There is also a duplicate bug of
http://bugzilla.gnome.org/show_bug.cgi?id=162647 which describes exactly this:
http://bugzilla.gnome.org/show_bug.cgi?id=300791

Going to mark 0.15.1b-8 as the fixed version, feel free to close the bug.

Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

