Bug#510205: buffer overflow in libaudiofile

2009-06-16 Thread Marc Deslauriers
The SUSE update simply contains the patch from: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510205#17

Bug#510205: buffer overflow in libaudiofile

2009-05-06 Thread Michael S. Gilbert
hi, any news on this one? since this is being tracked with critical severity, it really should be handled as swiftly as possible (it's been six months now since the original disclosure). suse has issued updates for CVE-2008-5824, perhaps their patches may be helpful [1]. thanks. mike [1]

Bug#510205: buffer overflow in libaudiofile

2009-04-06 Thread Nico Golde
Hi, what is the current status of this bug, anyone still working on this? Cheers Nico -- Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.

Bug#510205: buffer overflow in libaudiofile

2009-01-12 Thread Matthias Drochner
It seems the root of the bug is some misunderstanding between the parsing and the decoding code about samples/frames per block. What is parsed as samplesPerBlock in the .wav file is a _frame_ count in reality, if we follow what seem to be libaudiofile's conventions. If you just decode less

Processed: Re: Bug#510205: buffer overflow in libaudiofile

2009-01-03 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: tags 510205 + patch Bug#510205: buffer overflow in libaudiofile Tags were: security Tags added: patch thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian

Bug#510205: buffer overflow in libaudiofile

2009-01-03 Thread Daniel Kobras
tags 510205 + patch thanks Hi! On Tue, Dec 30, 2008 at 02:28:58PM +0100, Max Kellermann wrote: Today, the Music Player Daemon project received a bug report from Anton Khirnov: MPD crashed when attempting to play a WAV file. file says: RIFF (little-endian) data, WAVE audio, Microsoft

Bug#510205: buffer overflow in libaudiofile

2008-12-30 Thread Max Kellermann
Package: libaudiofile0 Version: 0.2.6-6 Severity: critical Today, the Music Player Daemon project received a bug report from Anton Khirnov: MPD crashed when attempting to play a WAV file. file says: RIFF (little-endian) data, WAVE audio, Microsoft ADPCM, stereo 44100 Hz The MPD bug report:

Bug#510205: buffer overflow in libaudiofile

2008-12-30 Thread Daniel Kobras
Hi! On Tue, Dec 30, 2008 at 02:28:58PM +0100, Max Kellermann wrote: Solution: don't use libaudiofile. Change libaudiofile to allocate the correct buffer size. Add buffer size checks to libaudiofile. Many thanks for investigating and the detailed report. I'll try to get the buffer allocation