--------------------------------------------------------------------- Fedora Legacy Test Update Notification FEDORALEGACY-2005-152919 Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152919 2005-06-20 --------------------------------------------------------------------- Name : grip Versions : rh73: grip-2.96-2.2.legacy Versions : rh9: grip-3.0.4-5.2.legacy Versions : fc1: grip-3.0.7-3.2.legacy Summary : A front-end for CD rippers and Ogg Vorbis encoders. Description : Grip is a GTK+ based front-end for CD rippers (such as cdparanoia and cdda2wav) and Ogg Vorbis encoders. Grip allows you to rip entire tracks or just a section of a track. Grip supports the CDDB protocol for accessing track information on disc database servers. --------------------------------------------------------------------- Update Information: A new grip package is available that fixes a remote buffer overflow. Grip is a GTK+ based front-end for CD rippers (such as cdparanoia and cdda2wav) and Ogg Vorbis encoders. Dean Brettle discovered a buffer overflow bug in the way grip handles data returned by CDDB servers. It is possible that if a user connects to a malicious CDDB server, an attacker could execute arbitrary code on the victim's machine. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0706 to this issue. Users of grip should upgrade to this updated package, which contains a backported patch, and is not vulnerable to this issue. --------------------------------------------------------------------- Changelogs rh73: * Sun Jun 19 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 2.96-2.2.legacy - Added missing gtk+-devel BuildRequires * Sat Jun 11 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 2.96-2.1.legacy - Added patch for CAN-2005-0706 rh9: * Sun Jun 19 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 1:3.0.4-5.2.legacy - Added missing gnome-libs-devel, desktop-file-utils and cdparanoia-devel BuildPrereq * Sat Jun 11 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 1:3.0.4-5.1.legacy - Added patch for CAN-2005-0706 fc1: * Sun Jun 19 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 1:3.0.7-3.2.legacy - Added explicit autoconf213 BuildPrereq - Added missing gnome-libs-devel, desktop-file-utils and cdparanoia-devel to BuildPrereq * Sat Jun 11 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 1:3.0.7-3.1.legacy - Added patch for CAN-2005-0706 --------------------------------------------------------------------- This update can be downloaded from: http://download.fedoralegacy.org/ (sha1sums) rh73: d304e1b6737a081db63277d864729dc75064e8c5 redhat/7.3/updates-testing/i386/grip-2.96-2.2.legacy.i386.rpm e650eb59926bc2778f43f585f5753f9e534dbd39 redhat/7.3/updates-testing/SRPMS/grip-2.96-2.2.legacy.src.rpm rh9: 3d8746899f009548ad85b4ac1c433c2adb900ccb redhat/9/updates-testing/i386/grip-3.0.4-5.2.legacy.i386.rpm 4c7f62387193fd9611f1a18ca670733e5351cb38 redhat/9/updates-testing/SRPMS/grip-3.0.4-5.2.legacy.src.rpm fc1: fb4889f36ad3696857c815100e81fc23cc623479 fedora/1/updates-testing/i386/grip-3.0.7-3.2.legacy.i386.rpm fde89cd9de6717ccd7f42c8f54b33fb5f91d23ad fedora/1/updates-testing/SRPMS/grip-3.0.7-3.2.legacy.src.rpm --------------------------------------------------------------------- Please test and comment in bugzilla.
Attachment:
signature.asc
Description: OpenPGP digital signature
-- fedora-legacy-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-legacy-list
