Created attachment 1345348 [details] opusfile-0.9-out-of-bound-read.patch opusfile-0.9 introduced an out-of-bounds read bug, which is fixed in mainstream: http://git.xiph.org/?p=opusfile.git;a=commitdiff_plain;h=dee76c90f3211734564ff2ee4f34fa64be403777 Affects all fedoras that provide opusfile-0.9, i.e. f25, f26, f27 and rawhide. Above patch attached here.
The fix is included in the recently released opusfile-0.10 : https://downloads.xiph.org/releases/opus/opusfile-0.10.tar.gz
Is there a CVE assigned?
As far as I know, no.
opusfile-0.10-1.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2017-b49954b8d3
opusfile-0.10-1.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-3f8cfebbb0
opusfile-0.10-1.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2017-7965452e01
opusfile-0.10-1.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-b49954b8d3
opusfile-0.10-1.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-7965452e01
opusfile-0.10-1.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-3f8cfebbb0
opusfile-0.10-1.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.
opusfile-0.10-1.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.
opusfile-0.10-1.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.