Bug 152919
Summary: | CAN-2005-0706 grip Buffer overflow | ||
---|---|---|---|
Product: | [Retired] Fedora Legacy | Reporter: | Marc Deslauriers <marc.deslauriers> |
Component: | grip | Assignee: | Fedora Legacy Bugs <bugs> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | pekkas |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/beta/show_bug.cgi?id=150712 | ||
Whiteboard: | 1, LEGACY, rh73, rh90, needsrelease | ||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2005-09-19 05:39:38 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
David Lawrence
2005-03-30 23:32:08 UTC
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Here are updated packages to QA for rh73, rh9 and fc1: fc2 is already fixed. Changelog: * Sat Jun 11 2005 Marc Deslauriers <marcdeslauriers> 2.96-2.1.legacy - - Added patch for CAN-2005-0706 rh73: 0ffc979a64170a9052dea93f58b2133e947e6f41 grip-2.96-2.1.legacy.i386.rpm db8e4637d633c45791afddffb8bd269669bca153 grip-2.96-2.1.legacy.src.rpm 7.3 Source: http://www.infostrategique.com/linuxrpms/legacy/7.3/grip-2.96-2.1.legacy.src.rpm 7.3 Binaries: http://www.infostrategique.com/linuxrpms/legacy/7.3/grip-2.96-2.1.legacy.i386.rpm rh9: 7b4a6f463c2aba2d97b03bdf209e6ccef0b9e78f grip-3.0.4-5.1.legacy.i386.rpm e4aa970f770a9ae3940b3125f09d01198f880f02 grip-3.0.4-5.1.legacy.src.rpm 9 Source: http://www.infostrategique.com/linuxrpms/legacy/9/grip-3.0.4-5.1.legacy.src.rpm 9 Binaries: http://www.infostrategique.com/linuxrpms/legacy/9/grip-3.0.4-5.1.legacy.i386.rpm fc1: 4ae54021ebaa8489377db700b78ebe3bdc5e0735 grip-3.0.7-3.1.legacy.i386.rpm ab849cc102e3e9cf4a2a1b7163fc0190a1030ff8 grip-3.0.7-3.1.legacy.src.rpm fc1 Source: http://www.infostrategique.com/linuxrpms/legacy/1/grip-3.0.7-3.1.legacy.src.rpm fc1 Binaries: http://www.infostrategique.com/linuxrpms/legacy/1/grip-3.0.7-3.1.legacy.i386.rpm -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) iD8DBQFCq7j4LMAs/0C4zNoRAixQAJ4y9okDumsLnELdrWyufUFtLLbLQACfT8d2 NMttliGwGw63HczRhy2NA/c= =gSj4 -----END PGP SIGNATURE----- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 QA w/ rpm-build-compare.sh: - spec file changes minimal - source integrity good - patches verified to be very close to from RHEL3 / FC CVS +PUBLISH RHL73,RHL9,FC1 db8e4637d633c45791afddffb8bd269669bca153 grip-2.96-2.1.legacy.src.rpm e4aa970f770a9ae3940b3125f09d01198f880f02 grip-3.0.4-5.1.legacy.src.rpm ab849cc102e3e9cf4a2a1b7163fc0190a1030ff8 grip-3.0.7-3.1.legacy.src.rpm -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQFCrXoUGHbTkzxSL7QRAte7AKCZVSpB3PYca9oLPAJtw7EFeBa2RACeLJeV qly6LOKLdeF02bi2Em41MJg= =4L0W -----END PGP SIGNATURE----- Packages were pushed to updates-testing -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ++VERIFY for RHL 9 RHL 9 Packages: grip-3.0.4-5.2.legacy.i386.rpm SHA1 checksum matches. Signatures verify okay. I ripped a song from a cd-rom using the original RH9 version. I then upgraded to the FL updates-testing version with no problems. I re-ripped the same song, no problems, and it is the same size as the original. Both play back fine. Did various things with the program (normal use, visit menus, etc) and encountered no problems. I did not test the exact security problem fixed; I just tested basic functionality and usage. Vote for release for RHL 9. ++VERIFY -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFC960R4jZRbknHoPIRAhGpAKCgxfvyjGQRpXLP/iI7elntanj2iwCeL7cJ mToYK7ZQFOMfN0fehsiW3Lg= =BNis -----END PGP SIGNATURE----- Thanks -- timeout in 4 weeks. Timeout over. This update was released. |