[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug#49817] [PATCH] gnu: libsndfile: Update to 1.1.0beta1 [fixes CVE-202
From: |
Bruno Victal |
Subject: |
[bug#49817] [PATCH] gnu: libsndfile: Update to 1.1.0beta1 [fixes CVE-2021-3246]. |
Date: |
Sun, 2 Apr 2023 13:59:16 +0100 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.9.1 |
Hi Leo,
On 2021-08-01 23:31, Leo Famulari wrote:
> CVE-2021-3246 is "A heap buffer overflow vulnerability in msadpcm_decode_block
> of libsndfile 1.0.30 allows attackers to execute arbitrary code via a crafted
> WAV file."
>
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3246
What's blocking this from being merged?
(Perhaps it's also a chance to plug it into core-updates to avoid adding the
variants?)
Cheers,
Bruno
- [bug#49817] [PATCH] gnu: libsndfile: Update to 1.1.0beta1 [fixes CVE-2021-3246].,
Bruno Victal <=