Hi,
the attached patch fixes this issue. It will also be archived on:
http://people.debian.org/~nion/nmu-diff/libfishsound-0.7.0-2.1_0.7.0-2.2.patch

Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
diff -u libfishsound-0.7.0/debian/changelog libfishsound-0.7.0/debian/changelog --- libfishsound-0.7.0/debian/changelog +++ libfishsound-0.7.0/debian/changelog @@ -1,3 +1,13 @@ +libfishsound (0.7.0-2.2) unstable; urgency=high + + * Non-maintainer upload by the Security Team. + * This update fixes the following security issue: + - CVE-2008-1686: insufficient boundary checks on a header structure + of a speex stream due to missing check for a negative value + might lead to arbitrary code execution (Closes: #475152). + + -- Nico Golde <[EMAIL PROTECTED]> Thu, 10 Apr 2008 14:57:28 +0200 + libfishsound (0.7.0-2.1) unstable; urgency=low * Porter NMU. --- libfishsound-0.7.0.orig/src/libfishsound/speex.c +++ libfishsound-0.7.0/src/libfishsound/speex.c @@ -136,7 +136,7 @@ return NULL; } - if (header->mode >= SPEEX_NB_MODES) { + if (header->mode >= SPEEX_NB_MODES || header->mode < 0) { /* info_dialog_new ("Speex error", NULL, "Mode number %d does not (any longer) exist in this version\n",
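Review bot: In the speex.c hunk, the new lower-bound test on header->mode has no comment explaining that the value comes from the stream header and can be negative, so a later cleanup could drop "header->mode < 0" as redundant; a one-line comment above the if would prevent that. Writing the condition as "header->mode < 0 || header->mode >= SPEEX_NB_MODES" would also read as a conventional range check. The commented-out dialog text in the context ("Mode number %d does not (any longer) exist in this version") would describe a negative mode inaccurately if that message is ever re-enabled; consider wording that covers an invalid mode in general.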