[SECURITY] Fedora 17 Update: taglib-1.7.1-1.fc17
updates at fedoraproject.org
updates at fedoraproject.org
Thu Apr 12 03:24:20 UTC 2012
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-4184
2012-03-20 05:53:50
--------------------------------------------------------------------------------
Name : taglib
Product : Fedora 17
Version : 1.7.1
Release : 1.fc17
URL : http://launchpad.net/taglib
Summary : Audio Meta-Data Library
Description :
TagLib is a library for reading and editing the meta-data of several
popular audio formats. Currently it supports both ID3v1 and ID3v2 for MP3
files, Ogg Vorbis comments and ID3 tags and Vorbis comments in FLAC, MPC,
Speex, WavPack, TrueAudio files, as well as APE Tags.
--------------------------------------------------------------------------------
Update Information:
New upstream release, largely to address security issues related to ogg xiphcomments and ape sampleRate=0.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #800559 - CVE-2012-1108 taglib: ogg file with vendorLength field modification causes crash
https://bugzilla.redhat.com/show_bug.cgi?id=800559
[ 2 ] Bug #800553 - CVE-2012-1107 taglib: ape file with sampleRate 0 causes crash
https://bugzilla.redhat.com/show_bug.cgi?id=800553
[ 3 ] Bug #810009 - CVE-2012-1584 taglib: integer overflow can crash application
https://bugzilla.redhat.com/show_bug.cgi?id=810009
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update taglib' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the package-announce
mailing list