UbuntuUpdates.org

Package "mpg123"

Name: mpg123

Description:

MPEG layer 1/2/3 audio player

Latest version: 1.22.4-1ubuntu0.1
Release: xenial (16.04)
Level: updates
Repository: universe
Homepage: http://mpg123.org/

Links


Download "mpg123"


Other versions of "mpg123" in Xenial

Repository Area Version
base universe 1.22.4-1
security universe 1.22.4-1ubuntu0.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.22.4-1ubuntu0.1 2018-09-06 18:06:40 UTC

  mpg123 (1.22.4-1ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Memory overread
    - debian/patches/CVE-2016-1000247.patch: fix DoS with crafted ID3v2
      tags.
    - CVE-2016-1000247
  * SECURITY UPDATE: Memory overread
    - debian/patches/CVE-2017-10683.patch: fix in id3.c
    - CVE-2017-10683

 -- Eduardo Barretto <email address hidden> Thu, 06 Sep 2018 12:23:27 -0300

CVE-2016-1000247 mpg123 memory overread
CVE-2017-10683 In mpg123 1.25.0, there is a heap-based buffer over-read in the convert_latin1 function in libmpg123/id3.c. A crafted input will lead to a remote den



About   -   Send Feedback to @ubuntu_updates