The fix for CVE-2014-9028 (which was initially fixed in 1.3.1 upstream) caused a regression in seeking, a fix for which was included in upstream git after 1.3.1.

The more correct fix was included in a Red Hat advisory on March 31:
https://rhn.redhat.com/errata/RHSA-2015-0767.html

as well as the Mandriva advisory on April 1:
http://www.mandriva.com/en/support/security/advisories/mbs2/MDVSA-2015%3A188/

Oden has updated our CVE-2014-9028 patch with the additional fixes from upstream.

You can find testing information in our previous update in Bug 14658.

Advisory:
----------------------------------------

Updated flac packages fix regression:

In MGASA-2014-0499, a fix for a heap overflow in libFLAC (CVE-2014-9028) was implemented, which caused a problem with seeking. A more correct fix has been implemented that does not cause any known regressions.

References:
http://advisories.mageia.org/MGASA-2014-0499.html
----------------------------------------

Updated packages in core/updates_testing:
----------------------------------------
flac-1.3.0-2.2.mga4
libflac8-1.3.0-2.2.mga4
libflac-devel-1.3.0-2.2.mga4
libflac++6-1.3.0-2.2.mga4
libflac++-devel-1.3.0-2.2.mga4

from flac-1.3.0-2.2.mga4.src.rpm
Whiteboard: (none) => has_procedure
Testing complete mga4 64

Used VLC (which requires lib64flac8) to seek forward and backwards in the flac file.

Also as below:

$ flac -a flacfile.flac
flac 1.3.0, Copyright (C) 2000-2009, 2011-2013 Josh Coalson & Xiph.Org Foundation
flac comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
welcome to redistribute it under certain conditions. Type `flac' for details.

flacfile.flac: done

This analyses the flac file and creates a flacfile.ana which presumably contains some analysis data.

$ flac -t flacfile.flac
flac 1.3.0, Copyright (C) 2000-2009, 2011-2013 Josh Coalson & Xiph.Org Foundation
flac comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
welcome to redistribute it under certain conditions. Type `flac' for details.

flacfile.flac: ok

Also opened flacfile.flac in kwave sound editor, which requires lib64flac++6.
Whiteboard: has_procedure => has_procedure mga4-64-ok
Advisory uploaded.
Whiteboard: has_procedure mga4-64-ok => has_procedure advisory mga4-64-ok
Testing complete mga4 32.

Validating.

Please push to 4 updates.

Thanks
Keywords: (none) => validated_update
Whiteboard: has_procedure advisory mga4-64-ok => has_procedure advisory mga4-64-ok mga4-32-ok
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGAA-2015-0038.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED