A CVE was allocated for a security issue in PulseAudio today (June 4): http://openwall.com/lists/oss-security/2014/06/04/16 Reproducible: Steps to Reproduce:
Whiteboard: (none) => MGA4TOO, MGA3TOO
Thanks David. I'll patch it as soon as the proposed patch or an alternative is accepted upstream.
Fedora has issued an advisory for this on July 9: https://lists.fedoraproject.org/pipermail/package-announce/2014-July/136006.html They had to rebuild every package built against the libs for their update.
URL: (none) => http://lwn.net/Vulnerabilities/606884/
We certainly won't need a rebuild for this issue. There was an ABI breakage for a while upstream and indeed we had it in cauldron before MGA4 came out, but I think the ABI breakage was only temporary so I it shouldn't have been a problem - perhaps they were just unluckly about whatever snapshot they used? Either way, this should be an easy enough fix.
Ping..
CC: (none) => mageia
Ping #2, Colin, wake up :)
Yeah I suck :) Builds winging their way to MGA's 3 and 4 shortly. Will upload an advisory shortly.
OK, advisory uploaded and packages built. MGA3: libpulseglib20-3.0-7.1.mga3.i586.rpm libpulsecommon3.0-3.0-7.1.mga3.i586.rpm libpulsecore3.0-3.0-7.1.mga3.i586.rpm pulseaudio-utils-3.0-7.1.mga3.i586.rpm pulseaudio-module-equalizer-3.0-7.1.mga3.i586.rpm libpulseaudio0-3.0-7.1.mga3.i586.rpm pulseaudio-module-x11-3.0-7.1.mga3.i586.rpm pulseaudio-3.0-7.1.mga3.i586.rpm pulseaudio-esound-compat-3.0-7.1.mga3.i586.rpm pulseaudio-module-jack-3.0-7.1.mga3.i586.rpm pulseaudio-module-bluetooth-3.0-7.1.mga3.i586.rpm pulseaudio-module-lirc-3.0-7.1.mga3.i586.rpm pulseaudio-module-xen-3.0-7.1.mga3.i586.rpm libpulseaudio-devel-3.0-7.1.mga3.i586.rpm pulseaudio-module-zeroconf-3.0-7.1.mga3.i586.rpm pulseaudio-module-gconf-3.0-7.1.mga3.i586.rpm pulseaudio-client-config-3.0-7.1.mga3.i586.rpm pulseaudio-module-bluetooth-3.0-7.1.mga3.x86_64.rpm lib64pulsecore3.0-3.0-7.1.mga3.x86_64.rpm lib64pulsecommon3.0-3.0-7.1.mga3.x86_64.rpm lib64pulseaudio-devel-3.0-7.1.mga3.x86_64.rpm pulseaudio-3.0-7.1.mga3.x86_64.rpm pulseaudio-esound-compat-3.0-7.1.mga3.x86_64.rpm lib64pulseaudio0-3.0-7.1.mga3.x86_64.rpm pulseaudio-client-config-3.0-7.1.mga3.x86_64.rpm pulseaudio-module-x11-3.0-7.1.mga3.x86_64.rpm pulseaudio-module-gconf-3.0-7.1.mga3.x86_64.rpm pulseaudio-module-zeroconf-3.0-7.1.mga3.x86_64.rpm pulseaudio-utils-3.0-7.1.mga3.x86_64.rpm lib64pulseglib20-3.0-7.1.mga3.x86_64.rpm pulseaudio-module-lirc-3.0-7.1.mga3.x86_64.rpm pulseaudio-module-equalizer-3.0-7.1.mga3.x86_64.rpm pulseaudio-module-xen-3.0-7.1.mga3.x86_64.rpm pulseaudio-module-jack-3.0-7.1.mga3.x86_64.rpm MGA 4 pulseaudio-module-gconf-5.0-1.mga4.i586.rpm libpulseaudio0-5.0-1.mga4.i586.rpm pulseaudio-module-zeroconf-5.0-1.mga4.i586.rpm pulseaudio-module-x11-5.0-1.mga4.i586.rpm libpulseaudio-devel-5.0-1.mga4.i586.rpm pulseaudio-module-bluetooth-5.0-1.mga4.i586.rpm pulseaudio-module-xen-5.0-1.mga4.i586.rpm pulseaudio-utils-5.0-1.mga4.i586.rpm pulseaudio-client-config-5.0-1.mga4.i586.rpm pulseaudio-module-jack-5.0-1.mga4.i586.rpm libpulsecommon5.0-5.0-1.mga4.i586.rpm pulseaudio-esound-compat-5.0-1.mga4.i586.rpm pulseaudio-5.0-1.mga4.i586.rpm pulseaudio-module-lirc-5.0-1.mga4.i586.rpm libpulsecore5.0-5.0-1.mga4.i586.rpm libpulseglib20-5.0-1.mga4.i586.rpm pulseaudio-module-equalizer-5.0-1.mga4.i586.rpm pulseaudio-module-x11-5.0-1.mga4.x86_64.rpm lib64pulsecore5.0-5.0-1.mga4.x86_64.rpm pulseaudio-module-bluetooth-5.0-1.mga4.x86_64.rpm pulseaudio-module-gconf-5.0-1.mga4.x86_64.rpm pulseaudio-module-zeroconf-5.0-1.mga4.x86_64.rpm lib64pulseglib20-5.0-1.mga4.x86_64.rpm pulseaudio-module-lirc-5.0-1.mga4.x86_64.rpm lib64pulsecommon5.0-5.0-1.mga4.x86_64.rpm pulseaudio-esound-compat-5.0-1.mga4.x86_64.rpm lib64pulseaudio0-5.0-1.mga4.x86_64.rpm pulseaudio-client-config-5.0-1.mga4.x86_64.rpm pulseaudio-5.0-1.mga4.x86_64.rpm lib64pulseaudio-devel-5.0-1.mga4.x86_64.rpm pulseaudio-utils-5.0-1.mga4.x86_64.rpm pulseaudio-module-xen-5.0-1.mga4.x86_64.rpm pulseaudio-module-jack-5.0-1.mga4.x86_64.rpm pulseaudio-module-equalizer-5.0-1.mga4.x86_64.rpm
Assignee: mageia => qa-bugsWhiteboard: MGA4TOO, MGA3TOO => MGA4TOO, MGA3TOO, has_advisory
FWIW, For testing, I'd just make sure the package works. The bug is not easily explioitable and was not enabled by default. Provided it works for normal sound output, I'd be happy enough to just push it :)
Version: Cauldron => 4Whiteboard: MGA4TOO, MGA3TOO, has_advisory => MGA3TOO advisory
Little delay packaging this i was thinking i am slow but no :) i start to testing it.
CC: (none) => ozkyster
Testing finished both releases and both arch as usual,i validate it so it will get pushed. Sysadmins push this to updates.
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugsWhiteboard: MGA3TOO advisory => MGA3TOO advisory MGA4-64-OK MGA4-32-OK MGA3-64-OK MGA3-32-OK
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2014-0440.html
Status: NEW => RESOLVEDResolution: (none) => FIXED