diff options
author | Stefan Fritsch <sf@sfritsch.de> | 2020-12-29 15:29:29 +0100 |
---|---|---|
committer | Stefan Fritsch <sf@sfritsch.de> | 2020-12-29 15:29:29 +0100 |
commit | 9d686889fb4d6b64195124225e58070bdfd5b0b6 (patch) | |
tree | de2a34b6e11d83e4442d9d317088266d39f6689c | |
parent | d83cd83225ca820406e1c90f76ed945231abbb2e (diff) |
note mp3gain fixes
-rw-r--r-- | data/CVE/list | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/data/CVE/list b/data/CVE/list index fff9c73fde..e4945d9c0a 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -83683,7 +83683,7 @@ CVE-2019-18361 (JetBrains IntelliJ IDEA before 2019.2 allows local user privileg CVE-2019-18360 (In JetBrains Hub versions earlier than 2019.1.11738, username enumerat ...) NOT-FOR-US: JetBrains CVE-2019-18359 (A buffer over-read was discovered in ReadMP3APETag in apetag.c in MP3G ...) - - mp3gain <unfixed> (bug #973932) + - mp3gain 1.6.2-2 (bug #973932) NOTE: SuSE fix: https://build.opensuse.org/package/view_file/openSUSE:Maintenance:12304/mp3gain.openSUSE_Leap_15.1_Update/0001-fix-security-bugs.patch?rev=0db47562b2545871d0be3fc88083e0cd NOTE: Caught by ASAN according to CVE. mp3gain is compiled with ASAN on: amd64 i386 armel armhf powerpc CVE-2019-18358 @@ -162423,7 +162423,7 @@ CVE-2018-10778 (Read access violation in the III_dequantize_sample function in m - mp3gain 1.6.2-1 [wheezy] - mp3gain <end-of-life> (Not supported in Wheezy) CVE-2018-10777 (Buffer overflow in the WriteMP3GainAPETag function in apetag.c in mp3g ...) - - mp3gain <unfixed> (bug #973932) + - mp3gain 1.6.2-2 (bug #973932) [wheezy] - mp3gain <end-of-life> (Not supported in Wheezy) NOTE: Fixed according to https://sourceforge.net/p/mp3gain/bugs/43/ but still causes crash with ASAN NOTE: According to the CVE this is caught by FORTIFY_SOURCE, so no real vulnerability. |