Comment 1 Alex Legler (RETIRED) 2009-05-15 09:34:36 UTC

Arches, please test and mark stable:
=media-libs/libsndfile-1.0.20
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sh sparc x86"

AMD64 Arch Tester Report

Compile/Install: OK except for a QA notice
* QA Notice: file does not exist:
 *
 *      dodoc: TODO does not exist
Functionality: Tested

Looks fine except for the extra dodoc. Please mark amd64.

chadgentoo / # emerge --info
Portage 2.1.6.11 (default/linux/amd64/2008.0/desktop, gcc-4.1.2, glibc-2.8_p20080602-r1, 2.6.28-gentoo x86_64)
=================================================================                                             
System uname: Linux-2.6.28-gentoo-x86_64-AMD_Athlon-tm-_64_X2_Dual_Core_Processor_4400+-with-glibc2.2.5       
Timestamp of tree: Fri, 15 May 2009 14:30:01 +0000                                                            
app-shells/bash:     3.2_p39                                                                                  
dev-lang/python:     2.4.4-r13, 2.5.4-r2                                                                      
dev-python/pycrypto: 2.0.1-r6                                                                                 
dev-util/cmake:      2.4.6-r1                                                                                 
sys-apps/baselayout: 1.12.11.1                                                                                
sys-apps/sandbox:    1.2.18.1-r2                                                                              
sys-devel/autoconf:  2.13, 2.63                                                                               
sys-devel/automake:  1.4_p6, 1.5, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.2                                        
sys-devel/binutils:  2.18-r3
sys-devel/gcc-config: 1.4.0-r4
sys-devel/libtool:   1.5.26
virtual/os-headers:  2.6.27-r2
ACCEPT_KEYWORDS="amd64"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=k8 -msse3 -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/NX/etc /usr/NX/home /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/config"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/splash /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c /etc/udev/rules.d"
CXXFLAGS="-march=k8 -O2 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="collision-protect distlocks fixpackages multilib-strict parallel-fetch protect-owned sandbox sfperms strict test unmerge-orphans user-sandbox userfetch userpriv"
GENTOO_MIRRORS="http://distro.ibiblio.org/pub/linux/distributions/gentoo/ http://www.gtlib.gatech.edu/pub/gentoo ftp://mirror.iawnet.sandia.gov/pub/gentoo/ ftp://ftp.ussg.iu.edu/pub/linux/gentoo http://cudlug.cudenver.edu/gentoo/ http://gentoo.mirrors.pair.com/ http://open-systems.ufl.edu/mirrors/gentoo http://mirror.datapipe.net/gentoo http://prometheus.cs.wmich.edu/gentoo http://mirror.mcs.anl.gov/pub/gentoo/ http://gentoo.mirrors.easynews.com/linux/gentoo/ http://gentoo.cites.uiuc.edu/pub/gentoo/ http://mirror.fslutd.org/linux/distributions/gentoo/ http://gentoo.chem.wisc.edu/gentoo/ http://lug.mtu.edu/gentoo/"
LANG="en_US.utf-8"
LDFLAGS="-Wl,-O1"
LINGUAS="en"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="X acl acpi alsa amd64 berkdb bluetooth branding bzip2 cairo cdr cli cracklib crypt cups dbus dri dvd dvdr dvdread eds emboss encode esd evo fam firefox fortran gdbm gif gnome gnutls gpm gstreamer gtk hal iconv imagemagick isdnlog jpeg kde ldap libnotify mad midi mikmod mmx mp3 mpeg mudflap multilib ncurses nls nptl nptlonly ogg opengl openmp pam pcre pdf perl png ppds pppd python qt3 qt3support qt4 quicktime readline reflection sdl session spell spl sse sse2 ssl startup-notification svg sysfs tcpd threads tiff truetype unicode usb vorbis xml xorg xulrunner xv zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="evdev mouse keyboard joystick" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en" USERLAND="GNU" VIDEO_CARDS="nvidia"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LC_ALL, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY

Comment 3 Tobias Klausmann (RETIRED) 2009-05-15 17:00:33 UTC

Stable on alpha.

Comment 4 Markus Meier 2009-05-15 22:01:53 UTC

amd64/x86 stable

Comment 5 Jeroen Roovers (RETIRED) 2009-05-16 13:40:41 UTC

Stable for HPPA.

Comment 6 Brent Baude (RETIRED) 2009-05-18 19:00:19 UTC

ppc64 done

Comment 7 Brent Baude (RETIRED) 2009-05-18 19:00:25 UTC

ppc done

Comment 8 Raúl Porcel (RETIRED) 2009-05-20 18:08:23 UTC

arm/ia64/sh/sparc stable

Comment 9 Tobias Heinlein (RETIRED) 2009-05-22 17:42:06 UTC

secunia says arbitrary code execution is possible using specially crafted files, so B2 is correct.

Comment 10 Tobias Heinlein (RETIRED) 2009-05-22 17:42:23 UTC

GLSA request filed.

Comment 11 Alex Legler (RETIRED) 2009-05-28 12:35:39 UTC

CVE-2009-1788 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1788):
  Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15
  through 1.0.19, as used in Winamp 5.552 and possibly other media
  programs, allows remote attackers to cause a denial of service
  (application crash) and possibly execute arbitrary code via a VOC
  file with an invalid header value.

CVE-2009-1791 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1791):
  Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15
  through 1.0.19, as used in Winamp 5.552 and possibly other media
  programs, allows remote attackers to cause a denial of service
  (application crash) and possibly execute arbitrary code via an AIFF
  file with an invalid header value.

Comment 12 Alex Legler (RETIRED) 2009-05-28 12:35:51 UTC

GLSA 200905-09