Subject: CVS commit: pkgsrc
To: None <pkgsrc-changes@NetBSD.org>
From: Julio M. Merino Vidal <jmmv@netbsd.org>
List: pkgsrc-changes
Date: 04/12/2005 20:12:02
Module Name: pkgsrc
Committed By: jmmv
Date: Tue Apr 12 20:12:02 UTC 2005
Modified Files:
    pkgsrc/audio/gnome-vfs2-cdda: Makefile
    pkgsrc/sysutils/gnome-vfs2: distinfo
Added Files:
    pkgsrc/sysutils/gnome-vfs2/patches: patch-ac
Log Message:
Apply patch from Gentoo to fix security problem in the cdda module. Bump
gnome-vfs2-cdda's module to 1.
Quoting the Gentoo advisory: "The GnomeVFS and libcdaudio libraries contain
a buffer overflow that can be triggered by a large CDDB response, potentially
allowing the execution of arbitrary code."
See http://www.gentoo.org/security/en/glsa/glsa-200504-07.xml and
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0706 for more
information.
To generate a diff of this commit:
    cvs rdiff -r1.5 -r1.6 pkgsrc/audio/gnome-vfs2-cdda/Makefile
    cvs rdiff -r1.35 -r1.36 pkgsrc/sysutils/gnome-vfs2/distinfo
    cvs rdiff -r0 -r1.5 pkgsrc/sysutils/gnome-vfs2/patches/patch-ac
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.