LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Pencil, Pencil, and Pencil

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Little things that matter in language design

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Fedora alert FEDORA-2012-4268 (taglib)



From:
    	      updates@fedoraproject.org 


To:
    	      package-announce@lists.fedoraproject.org 


Subject:
    	      [SECURITY] Fedora 15 Update: taglib-1.7.1-1.fc15 


Date:
    	      Fri, 06 Apr 2012 21:30:11 +0000


Message-ID:
    	      <20120406213011.12D5120B25@bastion01.phx2.fedoraproject.org>


Archive-link:
    	      Article, Thread
              


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-4268
2012-03-21 01:53:39
--------------------------------------------------------------------------------

Name        : taglib
Product     : Fedora 15
Version     : 1.7.1
Release     : 1.fc15
URL         : http://launchpad.net/taglib
Summary     : Audio Meta-Data Library
Description :
TagLib is a library for reading and editing the meta-data of several
popular audio formats. Currently it supports both ID3v1 and ID3v2 for MP3
files, Ogg Vorbis comments and ID3 tags and Vorbis comments in FLAC, MPC,
Speex, WavPack, TrueAudio files, as well as APE Tags.

--------------------------------------------------------------------------------
Update Information:

New upstream release, largely to address security issues related to ogg xiphcomments and ape
sampleRate=0.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Mar 19 2012 Rex Dieter <rdieter@fedoraproject.org> 1.7.1-1
- taglib-1.7.1
* Tue Feb 28 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.7-4
- Rebuilt for c++ ABI breakage
* Sat Feb  4 2012 Orcan Ogetbil <oget[dot]fedora[at]gmail[dot]com> - 1.7-3
- Backported fix for a crash in .ape file parsing RHBZ#700727
* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #800559 - CVE-2012-1108 taglib: ogg file with vendorLength field modification causes
crash
        https://bugzilla.redhat.com/show_bug.cgi?id=800559
  [ 2 ] Bug #800553 - CVE-2012-1107 taglib: ape file with sampleRate 0 causes crash
        https://bugzilla.redhat.com/show_bug.cgi?id=800553
  [ 3 ] Bug #810009 - CVE-2012-1584 taglib: integer overflow can crash application
        https://bugzilla.redhat.com/show_bug.cgi?id=810009
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update taglib' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-...
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds