PublicDateAtUSN: 2014-11-26
Candidate: CVE-2014-9028
PublicDate: 2014-11-26
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9028
http://www.ubuntu.com/usn/usn-2426-1
Description:
Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1
allows remote attackers to execute arbitrary code via a crafted .flac file.
Ubuntu-Description:
Notes:
sbeattie> android moved from libflac 1.2.1 to 1.3.1, plus extra fix
listed below
jdstrand> as with previous stagefright issues, this issue affects Ubuntu's
android packages, but not in a way that is exposed to apps. See
CVE-2015-1538 for details
Bugs:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770918
Priority: medium
Discovered-by: Michele Spagnuolo and Miroslav Lichvar
Assigned-to:
Patches_flac:
upstream: https://git.xiph.org/?p=flac.git;a=commit;h=fcf0ba06ae12ccd7c67cee3c8d948df15f946b85
upstream: https://git.xiph.org/?p=flac.git;a=commit;h=5a365996d739bdf4711af51d9c2c71c8a5e14660
upstream_flac: released (1.3.1)
lucid_flac: released (1.2.1-2ubuntu0.1)
precise_flac: released (1.2.1-6ubuntu0.1)
trusty_flac: released (1.3.0-2ubuntu0.14.04.1)
utopic_flac: released (1.3.0-2ubuntu0.14.10.1)
vivid_flac: released (1.3.0-2ubuntu1)
vivid/stable-phone-overlay_flac: released (1.3.0-2ubuntu1)
vivid/ubuntu-core_flac: DNE
wily_flac: not-affected (1.3.0-2ubuntu1)
devel_flac: not-affected (1.3.0-2ubuntu1)
Priority_android: negligible
Patches_android:
google: https://android.googlesource.com/platform/external/flac/+/5859ae22db0a2d16af3e3ca19d582de37daf5eb6%5E!/#F0
upstream_android: released (5.1.1 LMY48T)
precise_android: DNE
trusty_android: ignored
vivid_android: ignored
vivid/stable-phone-overlay_android: ignored
vivid/ubuntu-core_android: DNE
wily_android: ignored
devel_android: ignored