[bug#49817] [PATCH] gnu: libsndfile: Update to 1.1.0beta1 [fixes CVE-202

guix-patches

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug#49817] [PATCH] gnu: libsndfile: Update to 1.1.0beta1 [fixes CVE-202

From:	Bruno Victal
Subject:	[bug#49817] [PATCH] gnu: libsndfile: Update to 1.1.0beta1 [fixes CVE-2021-3246].
Date:	Sun, 2 Apr 2023 13:59:16 +0100
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.9.1

Hi Leo,

On 2021-08-01 23:31, Leo Famulari wrote:
> CVE-2021-3246 is "A heap buffer overflow vulnerability in msadpcm_decode_block
> of libsndfile 1.0.30 allows attackers to execute arbitrary code via a crafted
> WAV file."
> 
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3246

What's blocking this from being merged?
(Perhaps it's also a chance to plug it into core-updates to avoid adding the 
variants?)

Cheers,
Bruno

[Prev in Thread]

Current Thread

[Next in Thread]

[bug#49817] [PATCH] gnu: libsndfile: Update to 1.1.0beta1 [fixes CVE-2021-3246]., Bruno Victal <=
- [bug#49817] [PATCH] gnu: libsndfile: Update to 1.1.0beta1 [fixes CVE-2021-3246]., Leo Famulari, 2023/04/02
  - [bug#49817] [PATCH] gnu: libsndfile: Update to 1.1.0beta1 [fixes CVE-2021-3246]., Bruno Victal, 2023/04/03

Prev by Date: [bug#62613] [PATCH] gnu: thermald: Update to 2.5.2.
Next by Date: [bug#62584] [PATCH] services: Add error/success service type.
Previous by thread: [bug#62613] [PATCH] gnu: thermald: Update to 2.5.2.
Next by thread: [bug#49817] [PATCH] gnu: libsndfile: Update to 1.1.0beta1 [fixes CVE-2021-3246].
Index(es):
- Date
- Thread