Hi Kurt

On Tue, Aug 01, 2017 at 07:48:01PM +0200, Kurt Roeckx wrote:
> On Tue, Aug 01, 2017 at 07:24:56PM +0200, Salvatore Bonaccorso wrote:
> > Source: libmad
> > Version: 0.15.1b-7
> > Severity: important
> > Tags: security upstream
> >
> > Hi,
> >
> > the following vulnerability was published for libmad.
> >
> > CVE-2017-11552[0]:
> > | The mad_decoder_run function in decoder.c in libmad 0.15.1b allows
> > | remote attackers to cause a denial of service (memory corruption) via a
> > | crafted MP3 file.
> >
> > If you fix the vulnerability please also make sure to include the
> > CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> I guess you don't have any patch for this?

No, unfortunately not. The report furthermore AFAIK is only found on
the fulldisclosure list, not sure it has been reported "upstream" (if
still active?).

Regards,
Salvatore