[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: kfreebsd-7 stable update for CVE-2009-1041



Hi,
* Nico Golde <nion@debian.org> [2009-04-26 15:43]:
> Hi,
> the following CVE (Common Vulnerabilities & Exposures) id was
> published for kfreebsd-7 some time ago.
> 
> CVE-2009-0757[0]:
> | Integer signedness error in the store_id3_text function in the ID3v2
> | code in mpg123 before 1.7.2 allows remote attackers to cause a denial
> | of service (out-of-bounds memory access) and possibly execute
> | arbitrary code via an ID3 tag with a negative encoding value.  NOTE:
> | some of these details are obtained from third party information.
> 
> Unfortunately the vulnerability described above is not important enough
> to get it fixed via regular security update in Debian stable. It does
> not warrant a DSA.
> 
> However it would be nice if this could get fixed via a regular point update[1].
> Please contact the release team for this.
> 
> This is an automatically generated mail, in case you are already working on an
> upgrade this is of course pointless.
> 
> For further information:
> [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0757
> [1] http://www.debian.org/doc/developers-reference/pkgs.html#upload-stable
> 
> Kind regards
> Nico
> CVE-2009-1301[0]:
> 
[...] 
I am sorry for this, my script had a bug. I'll resend the 
mail.

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: pgpDl4Xr1b2cv.pgp
Description: PGP signature


Reply to: