[ubuntu/trusty-security] mpg123 1.16.0-1ubuntu1.1 (Accepted)
Eduardo dos Santos Barretto
eduardo.barretto at canonical.com
Wed Sep 5 19:38:21 UTC 2018
mpg123 (1.16.0-1ubuntu1.1) trusty-security; urgency=medium
* SECURITY UPDATE: Buffer overflow
- debian/patches/CVE-2014-9497.patch: Regression fix: Ensure decoder
reinitialization on combination of seek and resync (buffer
overflow) and add check for bad bit allocation value in layer I
decoder.
- CVE-2014-9497
* SECURITY UPDATE: Memory overread
- debian/patches/CVE-2016-1000247.patch: fix DoS with crafted ID3v2
tags.
- CVE-2016-1000247
* SECURITY UPDATE: Memory overread
- debian/patches/CVE-2017-10683.patch: fix in id3.c
- CVE-2017-10683
Date: 2018-09-05 18:37:13.502478+00:00
Changed-By: Eduardo dos Santos Barretto <eduardo.barretto at canonical.com>
https://launchpad.net/ubuntu/+source/mpg123/1.16.0-1ubuntu1.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Trusty-changes
mailing list