Bug 531770 (CVE-2009-3377)
| Summary: | CVE-2009-3377 liboggz: unspecified security fixes mentioned in MFSA 2009-63 | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Tomas Hoger <thoger> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | thomas, vdanen |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2010-12-21 19:24:45 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 538220 | ||
| Bug Blocks: | |||
|
Description
Tomas Hoger
2009-10-29 13:12:33 UTC
Looking into liboggz upstream ChangeLog, mozilla bug 515376 is mentioned as fixed in version 1.0.0: * Mozilla #515376: Check index in dirac_parse_info() git commit: http://github.com/kfish/liboggz/commit/164e35e743e7681fbed34c66a015a779f73176f2 It is not tagged as security fix in liboggz changelog, even though there's a fairly large list of security fixes mentioned in 0.9.9: Security: * Handle allocation failure due to out of memory throughout, for Mozilla bug 468280. Adds new error return OGGZ_ERR_OUT_OF_MEMORY * skeleton.c::ogg_from_fisbone(): avoid memcpy of NULL fp->message_header_fields. Fixes ticket:408, reported by j^ * Mozilla bug 463756: return an error when a hole (ie. missing sequence number) is detected in the headers of a track * Remove dead code from oggz_read.c for ticket:439, reported by Coverity * Check for NULL return value of val in cgi.c (ticket:438, reported by Coverity) * Add NULL return checks (ticket:440, reported by Coverity) * Check for integer overflows in calculations for realloc and when using strlen returns. For Mozilla bug 480014 * Don't map all errors to OGGZ_ERR_STOP_ERR Required for Mozilla bug 481933 Exposes detected HOLE_IN_DATA as return value from oggz_read(), oggz_read_input(), and add documentation for extra return values * Apply patch by Jim Blandy from Mozilla bug 480521 Avoid overflow in comment lengths What is the plan for Fedora with this? Lots of backports or move to 1.0+ in all current versions? Looking at this one. I think it is better to update it to latest 1.xx releases. liboggz-1.1.1-1.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/liboggz-1.1.1-1.fc13 liboggz-1.1.1-1.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/liboggz-1.1.1-1.fc12 liboggz-1.1.1-1.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report. libannodex-0.7.3-14.fc13,mod_annodex-0.2.2-13.fc13,liboggz-1.1.1-1.fc13,libfishsound-0.9.1-5.fc13,sonic-visualiser-1.7.2-1.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/libannodex-0.7.3-14.fc13,mod_annodex-0.2.2-13.fc13,liboggz-1.1.1-1.fc13,libfishsound-0.9.1-5.fc13,sonic-visualiser-1.7.2-1.fc13 libannodex-0.7.3-14.fc13, mod_annodex-0.2.2-13.fc13, liboggz-1.1.1-1.fc13, libfishsound-0.9.1-5.fc13, sonic-visualiser-1.7.2-1.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report. |