[pkg-mad-maintainers] Bug#870406: Bug#870406: libmad: CVE-2017-11552

Salvatore Bonaccorso carnil at debian.org
Wed Aug 2 04:17:29 UTC 2017


Hi Kurt

On Tue, Aug 01, 2017 at 07:48:01PM +0200, Kurt Roeckx wrote:
> On Tue, Aug 01, 2017 at 07:24:56PM +0200, Salvatore Bonaccorso wrote:
> > Source: libmad
> > Version: 0.15.1b-7
> > Severity: important
> > Tags: security upstream
> > 
> > Hi,
> > 
> > the following vulnerability was published for libmad.
> > 
> > CVE-2017-11552[0]:
> > | The mad_decoder_run function in decoder.c in libmad 0.15.1b allows
> > | remote attackers to cause a denial of service (memory corruption) via a
> > | crafted MP3 file.
> > 
> > If you fix the vulnerability please also make sure to include the
> > CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> 
> I guess you don't have any patch for this?

No, unfortunately not. The report furthermore AFAIK is only found on
the fulldisclosure list, not sure it has been reported "upstream" (if
still active?).

Regards,
Salvatore


