From: marit@secmail.pro
To: bug-guix@gnu.org
Subject: bug#36909: CVE-2017-837{2,3,4} patches for libmad from Debian
Date: Sat, 3 Aug 2019 05:12:24 -0700
Message-ID: <30c0beda6f616bb829c4590ee4367f7c.squirrel@giyzk7o6dcunb2ry.onion>

Package: libmad
Version: 0.15.1b
Tags: security
Severity: important

Hello!

I think that package "libmad" should be updated to include fixes for the following vulnerabilities:

https://security-tracker.debian.org/tracker/CVE-2017-8372
https://security-tracker.debian.org/tracker/CVE-2017-8373
https://security-tracker.debian.org/tracker/CVE-2017-8374

This can be done by applying md_size.diff from Debian and replacing libmad-frame-length.patch with length-check.diff from Debian.