libmad: Assertion failed; buffer overflow

Related Vulnerabilities: CVE-2017-8372, CVE-2017-8373, CVE-2017-8374

Debian Bug report logs - #287519
libmad: Assertion failed; buffer overflow


Package: libmad0; Maintainer for libmad0 is Kurt Roeckx <kurt@roeckx.be>; Source for libmad0 is src:libmad.

Reported by: Justin Pryzby <justinpryzby@users.sourceforge.net>

Date: Tue, 28 Dec 2004 15:18:02 UTC

Severity: important

Tags: security, upstream

Found in versions 0.15.1b-1, libmad0/0.15.1b-2.1

Fixed in versions libmad/0.15.1b-9, libmad/0.15.1b-8+deb9u1, libmad/0.15.1b-8+deb8u1

Done: Kurt Roeckx <kurt@roeckx.be>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Kyle McMartin <kyle@debian.org>: Bug#287519; Package libmad0.

Acknowledgement sent to justin@rtfo.org: New Bug report received and forwarded. Copy sent to Kyle McMartin <kyle@debian.org>.

Message #5 received at submit@bugs.debian.org:

From: justin@rtfo.org
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libmad: Assertion failed; buffer overflow
Date: Tue, 28 Dec 2004 10:12:37 -0500
Package: libmad0
Version: 0.15.1b-1
Severity: normal
File: libmad

After enabling assertions in config.h:

mpg321: layer3.c:2633: mad_layer_III: Assertion `stream->md_len + md_len
- si.main_data_begin <= (511 + 2048 + 8)' failed.

This can crash mpg321; see my opened bug there.

-- System Information:
Debian Release: 3.1
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.7-5-amd64-k8-smp
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages libmad0 depends on:
ii  libc6          2.3.2.ds1-19.0.0.2.pure64 GNU C Library: Shared libraries an

-- no debconf information



Information forwarded to debian-bugs-dist@lists.debian.org, Kyle McMartin <kyle@debian.org>: Bug#287519; Package libmad0.

Acknowledgement sent to Glenn Maynard <glenn@zewt.org>: Extra info received and forwarded to list. Copy sent to Kyle McMartin <kyle@debian.org>.

Message #10 received at 287519@bugs.debian.org:

From: Glenn Maynard <glenn@zewt.org>
To: 287519@bugs.debian.org
Subject: Assertion failed; buffer overflow
Date: Sun, 16 Jan 2005 11:53:03 -0500
I've hit this, too.  I reported this upstream in October, and pinged a
couple weeks ago, but haven't been able to elicit a response, even though
Rob Leslie has responded to other issues (broken spam filter, maybe?).

  http://www.mars.org/mailman/public/mad-dev/2004-October/001115.html

This is really annoying, since the assertion isn't compiled into release
libraries, which means that it's clobbering memory and crashing later--causing
hard-to-trace memory corruption later on.

-- 
Glenn Maynard



Changed Bug submitter from justin@rtfo.org to justinpryzby@users.sf.net. Request was from Justin Pryzby <justinpryzby@users.sourceforge.net> to control@bugs.debian.org.

Tags added: security. Request was from Justin Pryzby <justinpryzby@users.sourceforge.net> to control@bugs.debian.org.

Information forwarded to debian-bugs-dist@lists.debian.org, Mad Maintainers <pkg-mad-maintainers@lists.alioth.debian.org>: Bug#287519; Package libmad0.

Acknowledgement sent to Justin Pryzby <justinpryzby@users.sourceforge.net>: Extra info received and forwarded to list. Copy sent to Mad Maintainers <pkg-mad-maintainers@lists.alioth.debian.org>.

Message #19 received at 287519@bugs.debian.org:

From: Justin Pryzby <justinpryzby@users.sourceforge.net>
To: undisclosed-recipients: ;
Subject: bug comments?
Date: Thu, 29 Sep 2005 23:26:26 -0400
Comments on this bug?
-- 
Clear skies@bugs.debian.org,
Justin



Owner recorded as Justin Pryzby <justinpryzby@users.sourceforge.net>. Request was from Justin Pryzby <justinpryzby@users.sourceforge.net> to control@bugs.debian.org.

Changed Bug submitter from justinpryzby@users.sf.net to Justin Pryzby <justinpryzby@users.sourceforge.net>. Request was from Justin Pryzby <justinpryzby@users.sourceforge.net> to control@bugs.debian.org.

Removed annotation that Bug was owned by Justin Pryzby <justinpryzby@users.sourceforge.net>. Request was from Justin Pryzby <justinpryzby@users.sourceforge.net> to control@bugs.debian.org.

Information forwarded to debian-bugs-dist@lists.debian.org, Mad Maintainers <pkg-mad-maintainers@lists.alioth.debian.org>: Bug#287519; Package libmad0.

Acknowledgement sent to Kurt Roeckx <kurt@roeckx.be>: Extra info received and forwarded to list. Copy sent to Mad Maintainers <pkg-mad-maintainers@lists.alioth.debian.org>.

Message #30 received at 287519@bugs.debian.org:

From: Kurt Roeckx <kurt@roeckx.be>
To: 287519@bugs.debian.org
Cc: Justin Pryzby <justinpryzby@users.sourceforge.net>, Glenn Maynard <glenn@zewt.org>
Subject: Re: libmad: Assertion failed; buffer overflow
Date: Sun, 15 Jan 2006 16:07:19 +0100
Hi,

I've been trying to reproduce this bug with Glenn's testfile but
was unable to do it.  It gives all kind of error messages, but
that is about all it does.

Can someone still reproduce this problem?


Kurt




Information forwarded to debian-bugs-dist@lists.debian.org, Mad Maintainers <pkg-mad-maintainers@lists.alioth.debian.org>: Bug#287519; Package libmad0.

Acknowledgement sent to Glenn Maynard <glenn@zewt.org>: Extra info received and forwarded to list. Copy sent to Mad Maintainers <pkg-mad-maintainers@lists.alioth.debian.org>.

Message #35 received at 287519@bugs.debian.org:

From: Glenn Maynard <glenn@zewt.org>
To: Kurt Roeckx <kurt@roeckx.be>
Cc: 287519@bugs.debian.org, Justin Pryzby <justinpryzby@users.sourceforge.net>
Subject: Re: libmad: Assertion failed; buffer overflow
Date: Sun, 15 Jan 2006 13:06:24 -0500
On Sun, Jan 15, 2006 at 04:07:19PM +0100, Kurt Roeckx wrote:
> I've been trying to reproduce this bug with Glenn's testfile but
> was unable to do it.  It gives all kind of error messages, but
> that is about all it does.
> 
> Can someone still reproduce this problem?

I still can, in unstable.

wget http://www.bsd-dk.dk/~elrond/audio/madlld/files/madlld-1.1p1.tar.gz
tar zxvf madlld-1.1p1.tar.gz
cd madlld-1.1p1
 - change INPUT_BUFFER_SIZE on madlld.c line 311 to (4*8192)
make
wget 'http://zewt.org/~glenn/testfile'
./madlld < testfile

madlld: layer3.c:2633: mad_layer_III: Assertion `stream->md_len + md_len - si.main_data_begin <= (511 + 2048 + 8)' failed.

(I'm glad that assertions are enabled in Debian's library.  My build,
wherever it was I had originally troubleshot this, didn't, and it would
have saved much work.)

-- 
Glenn Maynard



Information forwarded to debian-bugs-dist@lists.debian.org, Mad Maintainers <pkg-mad-maintainers@lists.alioth.debian.org>: Bug#287519; Package libmad0.

Acknowledgement sent to Justin Pryzby <justinpryzby@users.sourceforge.net>: Extra info received and forwarded to list. Copy sent to Mad Maintainers <pkg-mad-maintainers@lists.alioth.debian.org>.

Message #40 received at 287519@bugs.debian.org:

From: Justin Pryzby <justinpryzby@users.sourceforge.net>
To: 287519@bugs.debian.org
Subject: Assertion failed; buffer overflow
Date: Wed, 1 Mar 2006 14:37:09 -0500
Can I expect to see this bug fixed for etch?

http://bugs.debian.org/287519

Justin



Information forwarded to debian-bugs-dist@lists.debian.org, Mad Maintainers <pkg-mad-maintainers@lists.alioth.debian.org>: Bug#287519; Package libmad0.

Acknowledgement sent to Kurt Roeckx <kurt@roeckx.be>: Extra info received and forwarded to list. Copy sent to Mad Maintainers <pkg-mad-maintainers@lists.alioth.debian.org>.

Message #45 received at 287519@bugs.debian.org:

From: Kurt Roeckx <kurt@roeckx.be>
To: Justin Pryzby <justinpryzby@users.sourceforge.net>, 287519@bugs.debian.org
Subject: Re: [pkg-mad-maintainers] Bug#287519: Assertion failed; buffer overflow
Date: Wed, 1 Mar 2006 21:24:52 +0100
On Wed, Mar 01, 2006 at 02:37:09PM -0500, Justin Pryzby wrote:
> Can I expect to see this bug fixed for etch?
> 
> http://bugs.debian.org/287519

If someone comes up with a good patch, yes.

I've looked at it, I can reproduce it, but I have to admit I
don't understand enough about the code yet to be able to come up
with a good fix.


Kurt




Information forwarded to debian-bugs-dist@lists.debian.org, Mad Maintainers <pkg-mad-maintainers@lists.alioth.debian.org>: Bug#287519; Package libmad0.

Acknowledgement sent to Justin Pryzby <justinpryzby@users.sourceforge.net>: Extra info received and forwarded to list. Copy sent to Mad Maintainers <pkg-mad-maintainers@lists.alioth.debian.org>.

Message #50 received at 287519@bugs.debian.org:

From: Justin Pryzby <justinpryzby@users.sourceforge.net>
To: Rob Leslie <rob@mars.org>, mad-dev@lists.mars.org, 287519@bugs.debian.org
Subject: libmad assertion failure, repost
Date: Fri, 24 Mar 2006 10:03:04 -0500
Hello *,

I wanted to bring your attention to a libmad assertion failure
experienced through mpg321.  The bug report is at:
  http://bugs.debian.org/287519

Glenn Maynard previously posted the problem to this list, but got no
response, so I wanted to send another ping since the problem still
exists.

Thanks
Justin



Information forwarded to debian-bugs-dist@lists.debian.org, Mad Maintainers <pkg-mad-maintainers@lists.alioth.debian.org>: Bug#287519; Package libmad0.

Acknowledgement sent to Sam Clegg <sam@superduper.net>: Extra info received and forwarded to list. Copy sent to Mad Maintainers <pkg-mad-maintainers@lists.alioth.debian.org>.

Message #55 received at 287519@bugs.debian.org:

From: Sam Clegg <sam@superduper.net>
To: Justin Pryzby <justinpryzby@users.sourceforge.net>, 287519@bugs.debian.org
Subject: Re: [pkg-mad-maintainers] Bug#287519: libmad assertion failure, repost
Date: Fri, 24 Mar 2006 15:24:16 +0000
Justin Pryzby wrote:
> Hello *,
> 
> I wanted to bring your attention to a libmad assertion failure
> experienced through mpg321.  The bug report is at:
>   http://bugs.debian.org/287519
> 
> Glenn Maynard previously posted the problem to this list, but got no
> response, so I wanted to send another ping since the problem still
> exists.

I'll try and reproduce this today and see if I can suggest a reasonable
fix.

-- 
sam clegg
:: sam@superduper.net :: http://superduper.net/ :: PGP : D91EE369
$superduper: .signature,v 1.13 2003/06/17 10:29:24 sam Exp $



Information forwarded to debian-bugs-dist@lists.debian.org, Mad Maintainers <pkg-mad-maintainers@lists.alioth.debian.org>: Bug#287519; Package libmad0.

Acknowledgement sent to Justin Pryzby <justinpryzby@users.sourceforge.net>: Extra info received and forwarded to list. Copy sent to Mad Maintainers <pkg-mad-maintainers@lists.alioth.debian.org>.

Message #60 received at 287519@bugs.debian.org:

From: Justin Pryzby <justinpryzby@users.sourceforge.net>
To: Sam Clegg <sam@superduper.net>, mad-dev@lists.mars.org
Cc: control@bugs.debian.org, 287519@bugs.debian.org
Subject: Re: [pkg-mad-maintainers] Bug#287519: libmad assertion failure, repost
Date: Thu, 8 Jun 2006 11:18:03 -0400
found 264008 0.2.10.3
found 287519 0.15.1b-2.1
thanks

On Fri, Mar 24, 2006 at 03:24:16PM +0000, Sam Clegg wrote:
> Justin Pryzby wrote:
> > Hello *,
> > 
> > I wanted to bring your attention to a libmad assertion failure
> > experienced through mpg321.  The bug report is at:
> >   http://bugs.debian.org/287519
> > 
> > Glenn Maynard previously posted the problem to this list, but got no
> > response, so I wanted to send another ping since the problem still
> > exists.
> 
> I'll try and reproduce this today and see if I can suggest a reasonable
> fix.
Hello Sam,

Were you able to make any progress on this bug?

Thanks
Justin



Bug marked as found in version 0.15.1b-2.1. Request was from Justin Pryzby <justinpryzby@users.sourceforge.net> to control@bugs.debian.org.

Tags added: upstream. Request was from Kurt Roeckx <kurt@roeckx.be> to control@bugs.debian.org. (Tue, 15 May 2007 20:30:12 GMT)

Severity set to `important' from `normal'. Request was from Touko Korpela <tkorpela@phnet.fi> to control@bugs.debian.org. (Mon, 16 Jul 2007 22:51:03 GMT)

Information forwarded to debian-bugs-dist@lists.debian.org, Mad Maintainers <pkg-mad-maintainers@lists.alioth.debian.org>: Bug#287519; Package libmad0.

Acknowledgement sent to Touko Korpela <tkorpela@phnet.fi>: Extra info received and forwarded to list. Copy sent to Mad Maintainers <pkg-mad-maintainers@lists.alioth.debian.org>.

Message #71 received at 287519@bugs.debian.org:

From: Touko Korpela <tkorpela@phnet.fi>
To: control@bugs.debian.org
Cc: 287519@bugs.debian.org
Subject: severity of 287519 is grave
Date: Sun, 23 Sep 2007 15:14:56 +0300
# Automatically generated email from bts, devscripts version 2.10.8
#this is causing segfaults in other packages, see bug 407002
severity 287519 grave




Severity set to `grave' from `important'. Request was from Touko Korpela <tkorpela@phnet.fi> to control@bugs.debian.org. (Sun, 23 Sep 2007 12:15:09 GMT)

Information forwarded to debian-bugs-dist@lists.debian.org, Mad Maintainers <pkg-mad-maintainers@lists.alioth.debian.org>: Bug#287519; Package libmad0.

Acknowledgement sent to Touko Korpela <tkorpela@phnet.fi>: Extra info received and forwarded to list. Copy sent to Mad Maintainers <pkg-mad-maintainers@lists.alioth.debian.org>.

Message #78 received at 287519@bugs.debian.org:

From: Touko Korpela <tkorpela@phnet.fi>
To: 287519@bugs.debian.org
Subject: Here is relevant lines from xine crash (#407002)
Date: Sun, 23 Sep 2007 15:36:08 +0300
xine: found demuxer plugin: mpeg pes demux plugin
video discontinuity #1, type is 0, disc_off 0
waiting for audio discontinuity #1
audio discontinuity #1, type is 0, disc_off 0
waiting for in_discontinuity update #1
vpts adjusted with prebuffer to 37691
av_offset=0 pts
spu_offset=0 pts
xine_play
play_internal ...done
load_plugins: plugin mad will be used for audio streamtype 01.
libmad: ALERT input buffer too small (22681 bytes, 16384 avail)!
xiTK received SIGSEGV signal, RIP.




Information forwarded to debian-bugs-dist@lists.debian.org, Mad Maintainers <pkg-mad-maintainers@lists.alioth.debian.org>: Bug#287519; Package libmad0.

Acknowledgement sent to Kurt Roeckx <kurt@roeckx.be>: Extra info received and forwarded to list. Copy sent to Mad Maintainers <pkg-mad-maintainers@lists.alioth.debian.org>.

Message #83 received at 287519@bugs.debian.org:

From: Kurt Roeckx <kurt@roeckx.be>
To: Touko Korpela <tkorpela@phnet.fi>, 287519@bugs.debian.org
Cc: 407002@bugs.debian.org
Subject: Re: xine-ui: multiple segmentation faults
Date: Sun, 23 Sep 2007 14:53:48 +0200
On Sun, Sep 23, 2007 at 03:14:56PM +0300, Touko Korpela wrote:
> # Automatically generated email from bts, devscripts version 2.10.8
> #this is causing segfaults in other packages, see bug 407002
> severity 287519 grave

I don't believe this is a bug in libmad.  And if it's one in libmad,
it's clearly a different one.

It shows the error string:
libmad: ALERT input buffer too small (22681 bytes, 16384 avail)!

I don't know what generates that error string, but it's clearly not
from the libmad in Debian.  The function mad_stream_errorstr()
can do:
  case MAD_ERROR_BUFLEN:         return "input buffer too small (or EOF)";

And that is to indicate that it didn't get enough data.  This error is
returned by libmad in mad_header_decode().  It looks to me like libmad
is working properly in this case, and that something else is causing
a segfault.

I suggest you start by running it under gdb or letting it generate
a core file, to see where it really crashes.


Kurt





Severity set to `important' from `grave'. Request was from Touko Korpela <tkorpela@phnet.fi> to control@bugs.debian.org. (Sun, 23 Sep 2007 14:15:02 GMT)

Information forwarded to debian-bugs-dist@lists.debian.org, Mad Maintainers <pkg-mad-maintainers@lists.alioth.debian.org>: Bug#287519; Package libmad0. (Wed, 24 Dec 2008 13:27:03 GMT)

Acknowledgement sent to Kurt Roeckx <kurt@roeckx.be>: Extra info received and forwarded to list. Copy sent to Mad Maintainers <pkg-mad-maintainers@lists.alioth.debian.org>. (Wed, 24 Dec 2008 13:27:05 GMT)

Message #90 received at 287519@bugs.debian.org:

From: Kurt Roeckx <kurt@roeckx.be>
To: 287519@bugs.debian.org
Cc: Glenn Maynard <glenn@zewt.org>, Justin Pryzby <justinpryzby@users.sourceforge.net>
Subject: #287519: libmad: Assertion failed; buffer overflow
Date: Wed, 24 Dec 2008 14:24:06 +0100
Hi,

I can't reproduce the error with 0.15.1b-4 anymore.


Kurt





Reply sent to Kurt Roeckx <kurt@roeckx.be>: You have taken responsibility. (Sun, 28 Jan 2018 19:39:05 GMT)

Notification sent to Justin Pryzby <justinpryzby@users.sourceforge.net>: Bug acknowledged by developer. (Sun, 28 Jan 2018 19:39:05 GMT)

Message #95 received at 287519-close@bugs.debian.org:

From: Kurt Roeckx <kurt@roeckx.be>
To: 287519-close@bugs.debian.org
Subject: Bug#287519: fixed in libmad 0.15.1b-9
Date: Sun, 28 Jan 2018 19:35:54 +0000
Source: libmad
Source-Version: 0.15.1b-9

We believe that the bug you reported is fixed in the latest version of
libmad, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 287519@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Kurt Roeckx <kurt@roeckx.be> (supplier of updated libmad package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)



Format: 1.8
Date: Sun, 28 Jan 2018 16:28:46 +0100
Source: libmad
Binary: libmad0 libmad0-dev
Architecture: source
Version: 0.15.1b-9
Distribution: unstable
Urgency: high
Maintainer: Mad Maintainers <pkg-mad-maintainers@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <kurt@roeckx.be>
Description:
 libmad0    - MPEG audio decoder library
 libmad0-dev - MPEG audio decoder development library
Closes: 287519
Changes:
 libmad (0.15.1b-9) unstable; urgency=high
 .
   * Properly check the size of the main data. The previous patch
     only checked that it could fit in the buffer, but didn't ensure there
     was actually enough room free in the buffer. This was assigned both
     CVE-2017-8372 and CVE-2017-8373, but they are really the same, just a
     different way to detect it. (Closes: #287519)
   * Rewrite patch to check the size of buffer. It now checks it before reading
     it instead of afterwards checking that we did read too much. This now also
     covers parsing the frame and layer3, not just layer 1 and 2. This was
     originally reported in #508133. CVE-2017-8374 mentions a case in layer 3.

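The changelog above describes the fix as moving from "it could fit in the buffer" to "there is actually enough room free in the buffer", checked before the read rather than afterwards. The following is an added example, not libmad's code: a simplified C model of a layer III bit reservoir with the weak check beside the strict one. Only the MAD_BUFFER_MDLEN bound (511 + 2048 + 8) comes from the assertion quoted in the report; the struct, function names, error codes and the constructed sizes are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Bound quoted in the failed assertion: 511 + 2048 + 8 bytes. */
#define MAD_BUFFER_MDLEN (511 + 2048 + 8)

enum md_error {
    MD_OK = 0,
    MD_ERROR_BADDATAPTR,  /* main_data_begin reaches back before held data */
    MD_ERROR_OVERFLOW     /* this frame's bytes do not fit behind md_len */
};

/* Assumed reservoir layout (not libmad's struct): main data carried over
 * from earlier frames plus a count of the bytes currently held. */
struct md_reservoir {
    unsigned char main_data[MAD_BUFFER_MDLEN];
    size_t md_len;
};

/* Weak check, as the changelog describes the previous patch: it only asks
 * whether main_data_begin + frame_space could fit in an empty buffer and
 * ignores how much is already held, so a nearly full reservoir still
 * accepts a frame whose copy would run past the end of main_data. */
int md_check_weak(size_t main_data_begin, size_t frame_space)
{
    return main_data_begin + frame_space <= MAD_BUFFER_MDLEN;
}

/* Strict check, done before any byte is copied: the frame may reach back at
 * most md_len bytes, and its frame_space new bytes must fit in the room that
 * is actually free behind md_len. */
enum md_error md_check_strict(const struct md_reservoir *r,
                              size_t main_data_begin, size_t frame_space)
{
    if (main_data_begin > r->md_len)
        return MD_ERROR_BADDATAPTR;
    if (frame_space > MAD_BUFFER_MDLEN - r->md_len)
        return MD_ERROR_OVERFLOW;
    return MD_OK;
}

/* Append frame_space bytes of a frame's main data after validating. On
 * success *data_start is the offset where decoding of this frame begins
 * (md_len - main_data_begin); on error nothing is written. */
enum md_error md_append(struct md_reservoir *r, size_t main_data_begin,
                        const unsigned char *frame, size_t frame_space,
                        size_t *data_start)
{
    enum md_error err = md_check_strict(r, main_data_begin, frame_space);
    if (err != MD_OK)
        return err;
    *data_start = r->md_len - main_data_begin;
    memcpy(r->main_data + r->md_len, frame, frame_space);
    r->md_len += frame_space;
    return MD_OK;
}

/* Constructed case: 2000 bytes held; the next frame claims main_data_begin
 * = 100 and carries 900 new bytes. The weak check passes (1000 <= 2567)
 * although 2000 + 900 = 2900 bytes would be needed. Returns 1 when the
 * weak check accepts and the strict append rejects without writing. */
int demo_overflow_rejected(void)
{
    struct md_reservoir r;
    unsigned char frame[900];
    size_t start = 0;
    memset(&r, 0, sizeof r);
    memset(frame, 0xAB, sizeof frame);
    r.md_len = 2000;
    int weak_accepts = md_check_weak(100, sizeof frame);
    enum md_error e = md_append(&r, 100, frame, sizeof frame, &start);
    return weak_accepts && e == MD_ERROR_OVERFLOW && r.md_len == 2000;
}

/* Constructed case: 500 bytes held, frame reaches back 200 and adds 300.
 * Returns 1 when data_start == 300, md_len == 800 and a later frame that
 * reaches back 900 bytes is refused as a bad data pointer. */
int demo_valid_append(void)
{
    struct md_reservoir r;
    unsigned char frame[300];
    size_t start = 0;
    memset(&r, 0, sizeof r);
    memset(frame, 0xCD, sizeof frame);
    r.md_len = 500;
    if (md_append(&r, 200, frame, sizeof frame, &start) != MD_OK)
        return 0;
    return start == 300 && r.md_len == 800 &&
           md_check_strict(&r, 900, 10) == MD_ERROR_BADDATAPTR;
}

int main(void)
{
    printf("overflow rejected: %d\nvalid append ok: %d\n",
           demo_overflow_rejected(), demo_valid_append());
    return 0;
}
```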




Reply sent to Kurt Roeckx <kurt@roeckx.be>: You have taken responsibility. (Mon, 07 May 2018 11:33:10 GMT)

Notification sent to Justin Pryzby <justinpryzby@users.sourceforge.net>: Bug acknowledged by developer. (Mon, 07 May 2018 11:33:11 GMT)

Message #100 received at 287519-close@bugs.debian.org:

From: Kurt Roeckx <kurt@roeckx.be>
To: 287519-close@bugs.debian.org
Subject: Bug#287519: fixed in libmad 0.15.1b-8+deb9u1
Date: Mon, 07 May 2018 11:32:11 +0000
Source: libmad
Source-Version: 0.15.1b-8+deb9u1

We believe that the bug you reported is fixed in the latest version of
libmad, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 287519@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Kurt Roeckx <kurt@roeckx.be> (supplier of updated libmad package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)



Format: 1.8
Date: Tue, 01 May 2018 13:20:28 +0200
Source: libmad
Binary: libmad0 libmad0-dev
Architecture: source amd64
Version: 0.15.1b-8+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Mad Maintainers <pkg-mad-maintainers@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <kurt@roeckx.be>
Description:
 libmad0    - MPEG audio decoder library
 libmad0-dev - MPEG audio decoder development library
Closes: 287519
Changes:
 libmad (0.15.1b-8+deb9u1) stretch-security; urgency=high
 .
   * Properly check the size of the main data. The previous patch
     only checked that it could fit in the buffer, but didn't ensure there
     was actually enough room free in the buffer. This was assigned both
     CVE-2017-8372 and CVE-2017-8373, but they are really the same, just a
     different way to detect it. (Closes: #287519)
   * Rewrite patch to check the size of buffer. It now checks it before reading
     it instead of afterwards checking that we did read too much. This now also
     covers parsing the frame and layer3, not just layer 1 and 2. This was
     originally reported in #508133. CVE-2017-8374 mentions a case in layer 3.





Reply sent to Kurt Roeckx <kurt@roeckx.be>: You have taken responsibility. (Mon, 07 May 2018 11:39:05 GMT)

Notification sent to Justin Pryzby <justinpryzby@users.sourceforge.net>: Bug acknowledged by developer. (Mon, 07 May 2018 11:39:05 GMT)

Message #105 received at 287519-close@bugs.debian.org:

From: Kurt Roeckx <kurt@roeckx.be>
To: 287519-close@bugs.debian.org
Subject: Bug#287519: fixed in libmad 0.15.1b-8+deb8u1
Date: Mon, 07 May 2018 11:35:51 +0000
Source: libmad
Source-Version: 0.15.1b-8+deb8u1

We believe that the bug you reported is fixed in the latest version of
libmad, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 287519@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Kurt Roeckx <kurt@roeckx.be> (supplier of updated libmad package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)



Format: 1.8
Date: Tue, 01 May 2018 13:20:28 +0200
Source: libmad
Binary: libmad0 libmad0-dev
Architecture: source amd64
Version: 0.15.1b-8+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Mad Maintainers <pkg-mad-maintainers@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <kurt@roeckx.be>
Description:
 libmad0    - MPEG audio decoder library
 libmad0-dev - MPEG audio decoder development library
Closes: 287519
Changes:
 libmad (0.15.1b-8+deb8u1) jessie-security; urgency=high
 .
   * Properly check the size of the main data. The previous patch
     only checked that it could fit in the buffer, but didn't ensure there
     was actually enough room free in the buffer. This was assigned both
     CVE-2017-8372 and CVE-2017-8373, but they are really the same, just a
     different way to detect it. (Closes: #287519)
   * Rewrite patch to check the size of buffer. It now checks it before reading
     it instead of afterwards checking that we did read too much. This now also
     covers parsing the frame and layer3, not just layer 1 and 2. This was
     originally reported in #508133. CVE-2017-8374 mentions a case in layer 3.





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 05 Jun 2018 07:27:04 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:23:43 2019
