This bug was fixed in the package mpg123 - 1.25.13-1ubuntu0.2
---------------
mpg123 (1.25.13-1ubuntu0.2) focal-security; urgency=medium
* SECURITY UPDATE: incomplete fix for OOB write (LP: #2089680)
- debian/patches/CVE-2024-10573-2.patch: safeguard against attempts to
decode if decoder setup failed and user ignored the returned error
code in src/libmpg123/format.c, src/libmpg123/frame.h,
src/libmpg123/libmpg123.c, src/mpg123.c.
- CVE-2024-10573
-- Marc Deslauriers <[email protected]> Tue, 26 Nov 2024
10:23:12 -0500
** Changed in: mpg123 (Ubuntu Focal)
Status: Confirmed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-10573
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to mpg123 in Ubuntu.
https://bugs.launchpad.net/bugs/2089680
Title:
Insufficient fix for CVE-2024-10573
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mpg123/+bug/2089680/+subscriptions
--
desktop-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
