Subject: CVS commit: [pkgsrc-2006Q2] pkgsrc/audio/libtunepimp
To: None <pkgsrc-changes@NetBSD.org>
From: Geert Hendrickx <ghen@netbsd.org>
List: pkgsrc-changes
Date: 08/22/2006 08:25:15

Module Name:    pkgsrc
Committed By:   ghen
Date:           Tue Aug 22 08:25:15 UTC 2006

Modified Files:
        pkgsrc/audio/libtunepimp [pkgsrc-2006Q2]: Makefile distinfo
Added Files:
        pkgsrc/audio/libtunepimp/patches [pkgsrc-2006Q2]: patch-ae

Log Message:
Pullup ticket 1800 - requested by salo
security fix for libtunepimp

Revisions pulled up:
- pkgsrc/audio/libtunepimp0.4/Makefile                  1.3
- pkgsrc/audio/libtunepimp0.4/distinfo                  1.2
- pkgsrc/audio/libtunepimp0.4/patches/patch-ae          1.1
[applied to pkgsrc/audio/libtunepimp on pkgsrc-2006Q2]

   Module Name:    pkgsrc
   Committed By:   salo
   Date:           Mon Aug 21 17:55:01 UTC 2006

   Modified Files:
           pkgsrc/audio/libtunepimp0.4: Makefile distinfo
   Added Files:
           pkgsrc/audio/libtunepimp0.4/patches: patch-ae

   Log Message:
   Security fix for CVE-2006-3600:

   "A vulnerability in libtunepimp can be potentially exploited by
   malicious people to compromise a user's system.

   The vulnerability is caused due to a boundary error in the
   "LookupTRM::lookup()" function when retrieving album release dates.
   This can be exploited to cause a buffer overflow by returning an overly
   long release date string (more than 100 bytes).

   Successful exploitation may allow execution of arbitrary code in context
   of an application using the vulnerable library."

   http://secunia.com/advisories/21026/
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3600

   Patch from MusicBrainz SVN.  Bump PKGREVISION.

To generate a diff of this commit:
cvs rdiff -r1.4 -r1.4.2.1 pkgsrc/audio/libtunepimp/Makefile
cvs rdiff -r1.3 -r1.3.2.1 pkgsrc/audio/libtunepimp/distinfo
cvs rdiff -r0 -r1.2.2.1 pkgsrc/audio/libtunepimp/patches/patch-ae

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
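
The class of fix the advisory calls for, as an added example that is not the MusicBrainz patch and not code from pkgsrc or libtunepimp: an untrusted release date is length-checked and shape-checked before it is copied into a fixed 100-byte buffer, and rejected rather than truncated. The names `copy_release_date` and `date_shape_ok`, and the accepted shapes YYYY, YYYY-MM and YYYY-MM-DD, are assumptions made for illustration; only the 100-byte limit comes from the advisory text.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define RELEASE_DATE_MAX 100  /* buffer size taken from the advisory's 100-byte limit */

/* Hypothetical helper: 1 if s looks like YYYY, YYYY-MM or YYYY-MM-DD (assumed format). */
static int date_shape_ok(const char *s, size_t len)
{
    static const char shape[] = "dddd-dd-dd";
    size_t i;
    if (len != 4 && len != 7 && len != 10)
        return 0;
    for (i = 0; i < len; i++)
        if (shape[i] == 'd' ? !isdigit((unsigned char)s[i]) : s[i] != '-')
            return 0;
    return 1;
}

/*
 * Hypothetical helper: copy a server-supplied release date into a fixed buffer.
 * Returns 0 on success, -1 if the value is missing, too long or malformed.
 * On failure dst is an empty string; nothing is silently truncated.
 */
int copy_release_date(char dst[RELEASE_DATE_MAX], const char *src)
{
    size_t len = 0;
    dst[0] = '\0';
    if (src == NULL)
        return -1;
    /* Bounded scan: stop at the buffer size instead of trusting the sender. */
    while (len < RELEASE_DATE_MAX && src[len] != '\0')
        len++;
    if (len == RELEASE_DATE_MAX)      /* no room left for the terminator */
        return -1;
    if (!date_shape_ok(src, len))
        return -1;
    memcpy(dst, src, len + 1);        /* len + 1 <= RELEASE_DATE_MAX here */
    return 0;
}

int main(void)
{
    char date[RELEASE_DATE_MAX], too_long[150];
    memset(too_long, '1', sizeof too_long - 1);   /* constructed overlong input */
    too_long[sizeof too_long - 1] = '\0';
    printf("%d\n", copy_release_date(date, "2006-08-21"));
    printf("%d\n", copy_release_date(date, too_long));
    return 0;
}
```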