From mboxrd@z Thu Jan 1 00:00:00 1970
From: marit@secmail.pro
Subject: bug#36910: CVE patches for libmad
Date: Sat, 3 Aug 2019 05:56:31 -0700
Message-ID: <22bbbfa18093ff3ba1351145a9fe8733.squirrel@giyzk7o6dcunb2ry.onion>
To: bug-guix@gnu.org

Package: libmad
Version: 0.15.1b
Tags: security
Severity: important

Hello!

I think that package "libmad" should be updated to include fixes for the
following vulnerabilities: CVE-2017-8372, CVE-2017-8373, CVE-2017-8374.

This can be done by applying md_size.diff and replacing
libmad-frame-length.patch with length-check.diff (*.diff are from Debian
GNU/Linux).

Best regards!