[website] r1715 - html/trunk/blfs/advisories

Mon, 15 Feb 2021 14:17:55 -0800 

Author: renodr
Date: Mon Feb 15 14:17:49 2021
New Revision: 1715

Log:
Add Security Advisory 10.0-092 for Taglib

Modified:
   html/trunk/blfs/advisories/10.0.html
   html/trunk/blfs/advisories/consolidated.html

Modified: html/trunk/blfs/advisories/10.0.html
==============================================================================
--- html/trunk/blfs/advisories/10.0.html        Mon Feb 15 08:45:21 2021        
(r1714)
+++ html/trunk/blfs/advisories/10.0.html        Mon Feb 15 14:17:49 2021        
(r1715)
@@ -588,7 +588,7 @@
 
 <!-- end of Seamonkey -->
 
-    <h3> Stunnel</h3>
+    <h3>Stunnel</h3>
 
     <h4>10.0 021 Stunnel  Date: 2020-10-16  Severity: High</h4>
     <p>In Stunnel-5.57 the "redirect" option was fixed to properly handle
@@ -620,6 +620,16 @@
 
 <!-- end of Sudo -->
 
+    <h3>Taglib</h3>
+
+    <h4>10.0 092 Taglib Date: 2021-02-15  Severity: Medium</h4>
+    <p>In taglib-1.11.1, a security vulnerability was found that
+    could allow for information disclosure via a crafted OGG file.
+    Update to taglib-1.12 or later. See
+    <a href="consolidated.html#10.0-092">10.0-092</a>.</p>
+
+<!-- end of Taglib -->
+
     <h3>Thunderbird</h3>
 
     <!-- to save putting this in each thunderbird advisory: -->

Modified: html/trunk/blfs/advisories/consolidated.html
==============================================================================
--- html/trunk/blfs/advisories/consolidated.html        Mon Feb 15 08:45:21 
2021        (r1714)
+++ html/trunk/blfs/advisories/consolidated.html        Mon Feb 15 14:17:49 
2021        (r1715)
@@ -75,6 +75,17 @@
     the longer term who knows what will happen to packages (e.g. getting
     replaced or archived). See the gstreamer links re 1.16 for an example of
     linking to a released book (old 10.0) -->
+    <a id="10.0-092">
+    <h4>10.0 092 Taglib       Date: 2021-02-15 Severity: Medium</h4>
+    <p>In taglib-1.11.1, a security vulnerability was found that may lead to
+    information disclosure when using a crafted OGG file. This is classified
+    as a use-after-free vulnerability.
+    This has been assigned
+    <a 
href="https://nvd.nist.gov/vuln/detail/CVE-2018-11439";>CVE-2018-11439</a>.</p>
+    <p>To fix this, update to at least taglib-1.12 using the instructions in
+    <a href="../view/svn/multimedia/taglib.html">taglib (sysv)</a> or
+    <a href="../view/systemd/multimedia/taglib.html">taglib (systemd)</a>.</p>
+
     <a id="10.0-091">
     <h4>10.0 091 WebKitGTK    Date: 2021-02-15 Severity: High</h4>
     <p>In WebKitGTK-2.30.5, a security vulnerability was fixed that allows for
-- 
http://lists.linuxfromscratch.org/listinfo/website
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

Reply via email to