Bug 664600

Summary: CVE-2009-1788 CVE-2009-1791 Multiple libsndfile vulnerabilities [Fedora epel-5]
Product: [Fedora] Fedora EPEL Reporter: Vincent Danen <vdanen>
Component: libsndfileAssignee: Michal Hlavinka <mhlavink>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: high    
Version: el5CC: andreas, bressers, mhlavink
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://fedoraproject.org/wiki/Security/TrackingBugs
Whiteboard:
Fixed In Version: libsndfile-1.0.17-4.el5 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 502661 Environment:
Last Closed: 2011-01-13 17:29:31 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 502661    
Bug Blocks: 502657, 502658    

Description Vincent Danen 2010-12-20 22:25:30 UTC 
+++ This bug was initially created as a clone of Bug #502661 +++

This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in all affected branches.

You should *not* refer to this bug publicly, as it is a private "Fedora Project Contributors" bug.

For comments that are specific to the vulnerability please use bugs filed against "Security Response" product referenced in "Blocks" field.

	bug #502657: CVE-2009-1788 libsndfile VOC file heap based buffer overflow
	bug #502658: CVE-2009-1791 libsndfile AIFF file heap based buffer overflow

Please close this bug with RAWHIDE (referencing appropriate N-V-R in Fixed In field if possible) once is it fixed in devel branch. Do *not* include the bug id of this bug in the RPM changelog and the commit message.

For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs
Comment 1 Fedora Update System 2010-12-23 08:03:12 UTC 
libsndfile-1.0.17-4.el5 has been submitted as an update for Fedora EPEL 5.
https://admin.fedoraproject.org/updates/libsndfile-1.0.17-4.el5
Comment 2 Fedora Update System 2010-12-29 18:29:32 UTC 
libsndfile-1.0.17-4.el5 has been pushed to the Fedora EPEL 5 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update libsndfile'.  You can provide feedback for this update here: https://admin.fedoraproject.org/updates/libsndfile-1.0.17-4.el5
Comment 3 Fedora Update System 2011-01-13 17:29:21 UTC 
libsndfile-1.0.17-4.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.