[Bug 318555] Re: Amarok - integer overflows and unchecked allocation vulnerabilities

Launchpad Bug Tracker 318555 at bugs.launchpad.net
Tue Mar 17 16:45:46 UTC 2009


This bug was fixed in the package amarok - 2:1.4.7-0ubuntu3.2

---------------
amarok (2:1.4.7-0ubuntu3.2) gutsy-security; urgency=low

  * SECURITY UPDATE: Code execution via multiple integer overflows and array
    index errors in the metadata parser for audible files. (LP: #318555)
    - debian/patches/100_security_CVE-2009-0135-0136.patch: improve error handling
      and set a maximum tag size in amarok/src/metadata/audible/audibletag.cpp.
    - CVE-2009-0135
    - CVE-2009-0136

 -- Marc Deslauriers <marc.deslauriers at ubuntu.com>   Thu, 12 Mar 2009
11:16:08 -0400

** Changed in: amarok (Ubuntu Gutsy)
       Status: In Progress => Fix Released

** Changed in: amarok (Ubuntu Hardy)
       Status: In Progress => Fix Released

-- 
Amarok - integer overflows and unchecked allocation vulnerabilities
https://bugs.launchpad.net/bugs/318555
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to amarok in ubuntu.




More information about the kubuntu-bugs mailing list