[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug#49817] [PATCH] gnu: libsndfile: Update to 1.1.0beta1 [fixes CVE-202

From: Leo Famulari
Subject: [bug#49817] [PATCH] gnu: libsndfile: Update to 1.1.0beta1 [fixes CVE-2021-3246].
Date: Sun, 02 Apr 2023 16:15:58 -0400
User-agent: Cyrus-JMAP/3.9.0-alpha0-238-g746678b8b6-fm-20230329.001-g746678b8

Sure, please feel free to add it to core-updates.

I never pushed it because 1) there was no feedback and 2) I no longer 
understand the patch.

On Sun, Apr 2, 2023, at 08:59, Bruno Victal wrote:
> Hi Leo,
> On 2021-08-01 23:31, Leo Famulari wrote:
>> CVE-2021-3246 is "A heap buffer overflow vulnerability in 
>> msadpcm_decode_block
>> of libsndfile 1.0.30 allows attackers to execute arbitrary code via a crafted
>> WAV file."
> What's blocking this from being merged?
> (Perhaps it's also a chance to plug it into core-updates to avoid 
> adding the variants?)
> Cheers,
> Bruno

reply via email to

[Prev in Thread] Current Thread [Next in Thread]