Subject: CVS commit: [pkgsrc-2005Q1] pkgsrc
To: None <pkgsrc-changes@NetBSD.org>
From: Lubomir Sedlacik <salo@netbsd.org>
List: pkgsrc-changes
Date: 04/16/2005 15:47:16
Module Name: pkgsrc
Committed By: salo
Date: Sat Apr 16 15:47:16 UTC 2005
Modified Files:
pkgsrc/audio/gnome-vfs2-cdda [pkgsrc-2005Q1]: Makefile
pkgsrc/sysutils/gnome-vfs2 [pkgsrc-2005Q1]: distinfo
Added Files:
pkgsrc/sysutils/gnome-vfs2/patches [pkgsrc-2005Q1]: patch-ac
Log Message:
Pullup ticket 439 - requested by Julio M. Merino Vidal
security fix for gnome-vfs2-cdda
Revisions pulled up:
- pkgsrc/audio/gnome-vfs2-cdda/Makefile 1.6
- pkgsrc/sysutils/gnome-vfs2/patches/patch-ac 1.5
Patch provided by the submitter for gnome-vfs2/distinfo.
Module Name: pkgsrc
Committed By: jmmv
Date: Tue Apr 12 20:12:02 UTC 2005
Modified Files:
pkgsrc/audio/gnome-vfs2-cdda: Makefile
pkgsrc/sysutils/gnome-vfs2: distinfo
Added Files:
pkgsrc/sysutils/gnome-vfs2/patches: patch-ac
Log Message:
Apply patch from Gentoo to fix security problem in the cdda module.
Bump gnome-vfs2-cdda's module to 1.
Quoting the Gentoo advisory: "The GnomeVFS and libcdaudio libraries
contain a buffer overflow that can be triggered by a large CDDB response,
potentially allowing the execution of arbitrary code."
See http://www.gentoo.org/security/en/glsa/glsa-200504-07.xml and
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0706 for more
information.
To generate a diff of this commit:
cvs rdiff -r1.5 -r1.5.2.1 pkgsrc/audio/gnome-vfs2-cdda/Makefile
cvs rdiff -r1.33 -r1.33.2.1 pkgsrc/sysutils/gnome-vfs2/distinfo
cvs rdiff -r0 -r1.4.4.1 pkgsrc/sysutils/gnome-vfs2/patches/patch-ac
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.