Bug 1507432

Summary: out-of-bounds read in opusfile-0.9
Product: [Fedora] Fedora Reporter: Ozkan Sezer <sezeroz>
Component: opusfileAssignee: Peter Robinson <pbrobinson>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 26CC: pbrobinson, sezeroz
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: opusfile-0.10-1.fc25 opusfile-0.10-1.fc26 opusfile-0.10-1.fc27 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-12-04 21:33:16 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
opusfile-0.9-out-of-bound-read.patch none

Description Ozkan Sezer 2017-10-30 09:14:08 UTC 
Created attachment 1345348 [details]
opusfile-0.9-out-of-bound-read.patch

opusfile-0.9 introduced an out-of-bounds read bug,
which is fixed in mainstream:
http://git.xiph.org/?p=opusfile.git;a=commitdiff_plain;h=dee76c90f3211734564ff2ee4f34fa64be403777

Affects all fedoras that provide opusfile-0.9, i.e.
f25, f26, f27 and rawhide.  Above patch attached here.
Comment 1 Ozkan Sezer 2017-11-23 16:17:24 UTC 
The fix is included in the recently released opusfile-0.10 :
https://downloads.xiph.org/releases/opus/opusfile-0.10.tar.gz
Comment 2 Peter Robinson 2017-11-23 16:27:48 UTC 
Is there a CVE assigned?
Comment 3 Ozkan Sezer 2017-11-23 16:33:41 UTC 
As far as I know, no.
Comment 4 Fedora Update System 2017-11-23 17:36:27 UTC 
opusfile-0.10-1.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2017-b49954b8d3
Comment 5 Fedora Update System 2017-11-23 17:36:34 UTC 
opusfile-0.10-1.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-3f8cfebbb0
Comment 6 Fedora Update System 2017-11-23 17:36:39 UTC 
opusfile-0.10-1.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2017-7965452e01
Comment 7 Fedora Update System 2017-11-24 23:23:33 UTC 
opusfile-0.10-1.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-b49954b8d3
Comment 8 Fedora Update System 2017-11-25 00:37:06 UTC 
opusfile-0.10-1.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-7965452e01
Comment 9 Fedora Update System 2017-11-25 01:35:34 UTC 
opusfile-0.10-1.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-3f8cfebbb0
Comment 10 Fedora Update System 2017-12-04 21:33:16 UTC 
opusfile-0.10-1.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.
Comment 11 Fedora Update System 2017-12-09 22:25:04 UTC 
opusfile-0.10-1.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.
Comment 12 Fedora Update System 2017-12-10 05:05:23 UTC 
opusfile-0.10-1.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.