Red Hat Bugzilla – Bug 810810
CVE-2012-2108 Csound: Stack-based buffer overflow in lpc_import
Last modified: 2016-03-04 06:46:03 EST
A stack-based buffer-overflow was found in the lpc_import utility. If a specially crafted CSV file was opened by the lpc_import utility, it could cause the application to crash.
Created csound tracking bugs for this issue
Affects: fedora-all [bug 812721]
I'm in progress of moving our patches to the latest upstream release, is it fixed in a newer release?
do you know the minimum release?
from the git log , version 5.17 seems to have all the patches discussed.
Excellent, will work on merging our patch set and getting a new version in the coming days
Assigned CVE as per http://www.openwall.com/lists/oss-security/2012/04/16/9
(In reply to comment #6)
> Excellent, will work on merging our patch set and getting a new version in
> the coming days
Peter, it doesn't seem like this ever happened? The current version of csound in Fedora still appears vulnerable according to the changelog.
I'm working on it as I get the time but they newer builds changed around the build system and a bunch of other stuff and I have to review and rebase patches so it's taking a little longer than I had hoped.
Current Fedora has csound 6.03.2 which includes this fix.