Package: libsndfile
Version: 1.0.16-1
Severity: grave
Tags: security
Hi,
a CVE was published for libsndfile.
CVE-2007-4974[0]:
Heap-based buffer overflow in libsndfile 1.0.17 and earlier
might allow remote attackers to execute arbitrary code via a
FLAC file with crafted PCM data containing a
Nico Golde wrote:
If you fix this bug please include the CVE id in the
changelog data.
I has already beedn fixed, so there is no mention of the CVE id
in the changelog.
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4974
Err, that URL doesn't give me anything useful.
Erik
--
Erik de Castro Lopo wrote:
Nico Golde wrote:
If you fix this bug please include the CVE id in the
changelog data.
I has already beedn fixed, so there is no mention of the CVE id
in the changelog.
Do you mean that it is already fixed in the version that Debian is
shipping (1.0.17)???
Hi,
* Erik de Castro Lopo [EMAIL PROTECTED] [2007-09-21 02:16]:
Nico Golde wrote:
If you fix this bug please include the CVE id in the
changelog data.
I has already beedn fixed, so there is no mention of the CVE id
in the changelog.
At least 1.0.17-3, testing and stable were
Nico Golde wrote:
Hi,
* Erik de Castro Lopo [EMAIL PROTECTED] [2007-09-21 02:16]:
Nico Golde wrote:
If you fix this bug please include the CVE id in the
changelog data.
I has already beedn fixed, so there is no mention of the CVE id
in the changelog.
At least 1.0.17-3,
5 matches
Mail list logo
