GNU bug report logs

#49817 [PATCH] gnu: libsndfile: Update to 1.1.0beta1 [fixes CVE-2021-3246].

PackageSource(s)Maintainer(s)
guix-patches PTS Buildd Popcon
Full log

Message #8 received at 49817@debbugs.gnu.org (full text, mbox, reply):

Received: (at 49817) by debbugs.gnu.org; 2 Apr 2023 12:59:30 +0000
From debbugs-submit-bounces@debbugs.gnu.org Sun Apr 02 08:59:30 2023
Received: from localhost ([127.0.0.1]:39333 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1pixIv-0008V6-P9
	for submit@debbugs.gnu.org; Sun, 02 Apr 2023 08:59:30 -0400
Received: from smtpm2.myservices.hosting ([185.26.105.233]:46930)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <mirai@makinata.eu>) id 1pixIt-0008Uv-D6
 for 49817@debbugs.gnu.org; Sun, 02 Apr 2023 08:59:28 -0400
Received: from mail1.netim.hosting (unknown [185.26.106.173])
 by smtpm2.myservices.hosting (Postfix) with ESMTP id B2F1E20D91;
 Sun,  2 Apr 2023 14:59:25 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
 by mail1.netim.hosting (Postfix) with ESMTP id 65B628009D;
 Sun,  2 Apr 2023 14:59:25 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at mail1.netim.hosting
Received: from mail1.netim.hosting ([127.0.0.1])
 by localhost (mail1-2.netim.hosting [127.0.0.1]) (amavisd-new, port 10026)
 with ESMTP id b6dHDoSlIM4M; Sun,  2 Apr 2023 14:59:24 +0200 (CEST)
Received: from [192.168.1.239] (unknown [10.192.1.83])
 (Authenticated sender: lumen@makinata.eu)
 by mail1.netim.hosting (Postfix) with ESMTPSA id 947188009C;
 Sun,  2 Apr 2023 14:59:24 +0200 (CEST)
Message-ID: <36a32ab3-484f-5114-6443-e74dbaea23b8@makinata.eu>
Date: Sun, 2 Apr 2023 13:59:16 +0100
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
 Thunderbird/102.9.1
Subject: Re: [bug#49817] [PATCH] gnu: libsndfile: Update to 1.1.0beta1 [fixes
 CVE-2021-3246].
Content-Language: en-US
To: Leo Famulari <leo@famulari.name>
References: <457c76a9e6a7bd86714db819570724dc04cafb57.1627857104.git.leo@famulari.name>
From: Bruno Victal <mirai@makinata.eu>
In-Reply-To: <457c76a9e6a7bd86714db819570724dc04cafb57.1627857104.git.leo@famulari.name>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-Spam-Score: -1.1 (-)
X-Debbugs-Envelope-To: 49817
Cc: 49817@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -2.1 (--)

Hi Leo,

On 2021-08-01 23:31, Leo Famulari wrote:
> CVE-2021-3246 is "A heap buffer overflow vulnerability in msadpcm_decode_block
> of libsndfile 1.0.30 allows attackers to execute arbitrary code via a crafted
> WAV file."
> 
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3246

What's blocking this from being merged?
(Perhaps it's also a chance to plug it into core-updates to avoid adding the variants?)


Cheers,
Bruno

Send a report that this bug log contains spam.

debbugs.gnu.org maintainers <help-debbugs@gnu.org>. Last modified: Sun Dec 22 03:10:08 2024; Machine Name: wallace-server

GNU bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.