| Summary: | pulseaudio new security issue CVE-2014-3970 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | mageia, mageia, ottoleipala1, sysadmin-bugs |
| Version: | 4 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | i586 | ||
| OS: | Linux | ||
| URL: | http://lwn.net/Vulnerabilities/606884/ | ||
| Whiteboard: | MGA3TOO advisory MGA4-64-OK MGA4-32-OK MGA3-64-OK MGA3-32-OK | ||
| Source RPM: | pulseaudio-5.0-0.20131220.1.mga4.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2014-06-04 18:01:29 CEST
David Walser
2014-06-04 18:01:35 CEST
Whiteboard:
(none) =>
MGA4TOO, MGA3TOO Thanks David. I'll patch it as soon as the proposed patch or an alternative is accepted upstream. Fedora has issued an advisory for this on July 9: https://lists.fedoraproject.org/pipermail/package-announce/2014-July/136006.html They had to rebuild every package built against the libs for their update. URL:
(none) =>
http://lwn.net/Vulnerabilities/606884/ We certainly won't need a rebuild for this issue. There was an ABI breakage for a while upstream and indeed we had it in cauldron before MGA4 came out, but I think the ABI breakage was only temporary so I it shouldn't have been a problem - perhaps they were just unluckly about whatever snapshot they used? Either way, this should be an easy enough fix. Ping #2, Colin, wake up :) Yeah I suck :) Builds winging their way to MGA's 3 and 4 shortly. Will upload an advisory shortly. OK, advisory uploaded and packages built. MGA3: libpulseglib20-3.0-7.1.mga3.i586.rpm libpulsecommon3.0-3.0-7.1.mga3.i586.rpm libpulsecore3.0-3.0-7.1.mga3.i586.rpm pulseaudio-utils-3.0-7.1.mga3.i586.rpm pulseaudio-module-equalizer-3.0-7.1.mga3.i586.rpm libpulseaudio0-3.0-7.1.mga3.i586.rpm pulseaudio-module-x11-3.0-7.1.mga3.i586.rpm pulseaudio-3.0-7.1.mga3.i586.rpm pulseaudio-esound-compat-3.0-7.1.mga3.i586.rpm pulseaudio-module-jack-3.0-7.1.mga3.i586.rpm pulseaudio-module-bluetooth-3.0-7.1.mga3.i586.rpm pulseaudio-module-lirc-3.0-7.1.mga3.i586.rpm pulseaudio-module-xen-3.0-7.1.mga3.i586.rpm libpulseaudio-devel-3.0-7.1.mga3.i586.rpm pulseaudio-module-zeroconf-3.0-7.1.mga3.i586.rpm pulseaudio-module-gconf-3.0-7.1.mga3.i586.rpm pulseaudio-client-config-3.0-7.1.mga3.i586.rpm pulseaudio-module-bluetooth-3.0-7.1.mga3.x86_64.rpm lib64pulsecore3.0-3.0-7.1.mga3.x86_64.rpm lib64pulsecommon3.0-3.0-7.1.mga3.x86_64.rpm lib64pulseaudio-devel-3.0-7.1.mga3.x86_64.rpm pulseaudio-3.0-7.1.mga3.x86_64.rpm pulseaudio-esound-compat-3.0-7.1.mga3.x86_64.rpm lib64pulseaudio0-3.0-7.1.mga3.x86_64.rpm pulseaudio-client-config-3.0-7.1.mga3.x86_64.rpm pulseaudio-module-x11-3.0-7.1.mga3.x86_64.rpm pulseaudio-module-gconf-3.0-7.1.mga3.x86_64.rpm pulseaudio-module-zeroconf-3.0-7.1.mga3.x86_64.rpm pulseaudio-utils-3.0-7.1.mga3.x86_64.rpm lib64pulseglib20-3.0-7.1.mga3.x86_64.rpm pulseaudio-module-lirc-3.0-7.1.mga3.x86_64.rpm pulseaudio-module-equalizer-3.0-7.1.mga3.x86_64.rpm pulseaudio-module-xen-3.0-7.1.mga3.x86_64.rpm pulseaudio-module-jack-3.0-7.1.mga3.x86_64.rpm MGA 4 pulseaudio-module-gconf-5.0-1.mga4.i586.rpm libpulseaudio0-5.0-1.mga4.i586.rpm pulseaudio-module-zeroconf-5.0-1.mga4.i586.rpm pulseaudio-module-x11-5.0-1.mga4.i586.rpm libpulseaudio-devel-5.0-1.mga4.i586.rpm pulseaudio-module-bluetooth-5.0-1.mga4.i586.rpm pulseaudio-module-xen-5.0-1.mga4.i586.rpm pulseaudio-utils-5.0-1.mga4.i586.rpm pulseaudio-client-config-5.0-1.mga4.i586.rpm pulseaudio-module-jack-5.0-1.mga4.i586.rpm libpulsecommon5.0-5.0-1.mga4.i586.rpm pulseaudio-esound-compat-5.0-1.mga4.i586.rpm pulseaudio-5.0-1.mga4.i586.rpm pulseaudio-module-lirc-5.0-1.mga4.i586.rpm libpulsecore5.0-5.0-1.mga4.i586.rpm libpulseglib20-5.0-1.mga4.i586.rpm pulseaudio-module-equalizer-5.0-1.mga4.i586.rpm pulseaudio-module-x11-5.0-1.mga4.x86_64.rpm lib64pulsecore5.0-5.0-1.mga4.x86_64.rpm pulseaudio-module-bluetooth-5.0-1.mga4.x86_64.rpm pulseaudio-module-gconf-5.0-1.mga4.x86_64.rpm pulseaudio-module-zeroconf-5.0-1.mga4.x86_64.rpm lib64pulseglib20-5.0-1.mga4.x86_64.rpm pulseaudio-module-lirc-5.0-1.mga4.x86_64.rpm lib64pulsecommon5.0-5.0-1.mga4.x86_64.rpm pulseaudio-esound-compat-5.0-1.mga4.x86_64.rpm lib64pulseaudio0-5.0-1.mga4.x86_64.rpm pulseaudio-client-config-5.0-1.mga4.x86_64.rpm pulseaudio-5.0-1.mga4.x86_64.rpm lib64pulseaudio-devel-5.0-1.mga4.x86_64.rpm pulseaudio-utils-5.0-1.mga4.x86_64.rpm pulseaudio-module-xen-5.0-1.mga4.x86_64.rpm pulseaudio-module-jack-5.0-1.mga4.x86_64.rpm pulseaudio-module-equalizer-5.0-1.mga4.x86_64.rpm Assignee:
mageia =>
qa-bugs FWIW, For testing, I'd just make sure the package works. The bug is not easily explioitable and was not enabled by default. Provided it works for normal sound output, I'd be happy enough to just push it :) CC:
(none) =>
mageia
David Walser
2014-11-01 17:15:03 CET
Version:
Cauldron =>
4 Little delay packaging this i was thinking i am slow but no :) i start to testing it. CC:
(none) =>
ozkyster Testing finished both releases and both arch as usual,i validate it so it will get pushed. Sysadmins push this to updates. Keywords:
(none) =>
validated_update An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2014-0440.html Status:
NEW =>
RESOLVED |