guix-patches

[bug#49817] [PATCH] gnu: libsndfile: Update to 1.1.0beta1 [fixes CVE-202


From: Leo Famulari
Subject: [bug#49817] [PATCH] gnu: libsndfile: Update to 1.1.0beta1 [fixes CVE-2021-3246].
Date: Sun, 02 Apr 2023 16:15:58 -0400
User-agent: Cyrus-JMAP/3.9.0-alpha0-238-g746678b8b6-fm-20230329.001-g746678b8

Sure, please feel free to add it to core-updates.

I never pushed it because 1) there was no feedback and 2) I no longer 
understand the patch.

On Sun, Apr 2, 2023, at 08:59, Bruno Victal wrote:
> Hi Leo,
>
> On 2021-08-01 23:31, Leo Famulari wrote:
>> CVE-2021-3246 is "A heap buffer overflow vulnerability in
>> msadpcm_decode_block of libsndfile 1.0.30 allows attackers to execute
>> arbitrary code via a crafted WAV file."
>> 
>> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3246
>
> What's blocking this from being merged?
> (Perhaps it's also a chance to plug it into core-updates to avoid adding
> the variants?)
>
>
> Cheers,
> Bruno




