Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=homepage-ng.git;a=commitdiff;h=0773fbc67ab9f1f261313fd60038f2e90ea0542c
commit 0773fbc67ab9f1f261313fd60038f2e90ea0542c Author: Miklos Vajna <[EMAIL PROTECTED]> Date: Mon May 5 14:45:48 2008 +0200 FSA439-vorbis-tools diff --git a/frugalware/xml/security.xml b/frugalware/xml/security.xml index 96218ab..9e7f27c 100644 --- a/frugalware/xml/security.xml +++ b/frugalware/xml/security.xml @@ -27,6 +27,18 @@ <fsas> <fsa> + <id>439</id> + <date>2008-05-05</date> + <package>vorbis-tools</package> + <vulnerable>1.1.1-3</vulnerable> + <unaffected>1.1.1-4kalgan1</unaffected> + <bts>http://bugs.frugalware.org/task/3032</bts> + <cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1686</cve> + <desc>A vulnerability has been reported in vorbis-tools, which can potentially be exploited by malicious people to compromise a vulnerable system. + The vulnerability is caused due to the use of vulnerable libfishsound; an input validation error when processing Speex headers, which can be exploited via a specially crafted Speex stream containing a negative "modeID" field in the header. + Successful exploitation may allow execution of arbitrary code.</desc> + </fsa> + <fsa> <id>438</id> <date>2008-05-05</date> <package>xine-lib</package> _______________________________________________ Frugalware-git mailing list [email protected] http://frugalware.org/mailman/listinfo/frugalware-git
