This bug was fixed in the package flac - 1.3.0-3
Sponsored for Logan Rosen (logan)
---------------
flac (1.3.0-3) unstable; urgency=high

  * Fixes for CVE-2014-8962 and CVE-2014-9028:
    + Backport three patches from upstream GIT repository:
      - CVE-2014-8962.patch: Fix a buffer read overflow.
      - CVE-2014-9028.patch: Avoid a heap overflow.
      - CVE-2014-9028-2.patch: Avoid a heap overflow. Closely related to
        the former fix, but strictly speaking not the same vulnerability.
    + Closes: #770918.
    + Thanks Erik de Castro Lopo for the bug report and the upstream fixes!

 -- Fabian Greffrath <[email protected]>  Thu, 27 Nov 2014 16:52:51 +0100

** Changed in: flac (Ubuntu)
Status: New => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-8962
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-9028
https://bugs.launchpad.net/bugs/1398666
Title:
Sync flac 1.3.0-3 (main) from Debian unstable (main)