Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=246322
Summary: flac123 0.0.9 vorbis comment parsing buffer overflow
Product: Fedora
Version: f7
Platform: All
URL: http://www.vuxml.org/freebsd/32d38cbb-2632-11dc-94da-0016179b2dd5.html
OS/Version: Linux
Status: NEW
Severity: medium
Priority: medium
Component: flac123
AssignedTo: foolish@guezz.net
ReportedBy: ville.skytta@iki.fi
QAContact: extras-qa@fedoraproject.org
CC: fedora-security-list@redhat.com
http://www.vuxml.org/freebsd/32d38cbb-2632-11dc-94da-0016179b2dd5.html
"flac123, also known as flac-tools, is vulnerable to a buffer overflow in vorbis comment parsing. This allows for the execution of arbitrary code."
0.0.10 is out, supposedly containing a fix for this.
Summary: CVE-2007-3507 flac123 0.0.9 vorbis comment parsing buffer overflow
Alias: CVE-2007-3507
lkundrak@redhat.com changed:
   What |Removed                     |Added
----------------------------------------------------------------------------
Summary |flac123 0.0.9 vorbis comment|CVE-2007-3507 flac123 0.0.9
        |parsing buffer overflow     |vorbis comment parsing
        |                            |buffer overflow
  Alias |                            |CVE-2007-3507
foolish@guezz.net changed:
   What |Removed                     |Added
----------------------------------------------------------------------------
 Status |NEW                         |ASSIGNED
------- Additional Comments From foolish@guezz.net 2007-07-12 09:36 EST -------
Updated flac123 to 0.0.11, submitted update for updates-testing for F-7. Will go into updates shortly if there's no trouble.
------- Additional Comments From updates@fedoraproject.org 2007-07-12 19:38 EST -------
flac123-0.0.11-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
updates@fedoraproject.org changed:
            What |Removed                     |Added
----------------------------------------------------------------------------
          Status |ASSIGNED                    |CLOSED
      Resolution |                            |ERRATA
Fixed In Version |                            |0.0.11-1.fc7
security@lists.fedoraproject.org