Fedora Legacy Test Update Notification: grip
Marc Deslauriers
marcdeslauriers at videotron.ca
Mon Jun 20 10:41:27 UTC 2005
---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-152919
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152919
2005-06-20
---------------------------------------------------------------------
Name : grip
Versions : rh73: grip-2.96-2.2.legacy
Versions : rh9: grip-3.0.4-5.2.legacy
Versions : fc1: grip-3.0.7-3.2.legacy
Summary : A front-end for CD rippers and Ogg Vorbis encoders.
Description :
Grip is a GTK+ based front-end for CD rippers (such as cdparanoia and
cdda2wav) and Ogg Vorbis encoders. Grip allows you to rip entire tracks or
just a section of a track. Grip supports the CDDB protocol for
accessing track information on disc database servers.
---------------------------------------------------------------------
Update Information:
A new grip package is available that fixes a remote buffer overflow.
Grip is a GTK+ based front-end for CD rippers (such as cdparanoia and
cdda2wav) and Ogg Vorbis encoders.
Dean Brettle discovered a buffer overflow bug in the way grip handles
data returned by CDDB servers. It is possible that if a user connects to
a malicious CDDB server, an attacker could execute arbitrary code on the
victim's machine. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0706 to this issue.
Users of grip should upgrade to this updated package, which
contains a backported patch, and is not vulnerable to this issue.
---------------------------------------------------------------------
Changelogs
rh73:
* Sun Jun 19 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
2.96-2.2.legacy
- Added missing gtk+-devel BuildRequires
* Sat Jun 11 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
2.96-2.1.legacy
- Added patch for CAN-2005-0706
rh9:
* Sun Jun 19 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
1:3.0.4-5.2.legacy
- Added missing gnome-libs-devel, desktop-file-utils and
cdparanoia-devel BuildPrereq
* Sat Jun 11 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
1:3.0.4-5.1.legacy
- Added patch for CAN-2005-0706
fc1:
* Sun Jun 19 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
1:3.0.7-3.2.legacy
- Added explicit autoconf213 BuildPrereq
- Added missing gnome-libs-devel, desktop-file-utils
and cdparanoia-devel to BuildPrereq
* Sat Jun 11 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
1:3.0.7-3.1.legacy
- Added patch for CAN-2005-0706
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedoralegacy.org/
(sha1sums)
rh73:
d304e1b6737a081db63277d864729dc75064e8c5
redhat/7.3/updates-testing/i386/grip-2.96-2.2.legacy.i386.rpm
e650eb59926bc2778f43f585f5753f9e534dbd39
redhat/7.3/updates-testing/SRPMS/grip-2.96-2.2.legacy.src.rpm
rh9:
3d8746899f009548ad85b4ac1c433c2adb900ccb
redhat/9/updates-testing/i386/grip-3.0.4-5.2.legacy.i386.rpm
4c7f62387193fd9611f1a18ca670733e5351cb38
redhat/9/updates-testing/SRPMS/grip-3.0.4-5.2.legacy.src.rpm
fc1:
fb4889f36ad3696857c815100e81fc23cc623479
fedora/1/updates-testing/i386/grip-3.0.7-3.2.legacy.i386.rpm
fde89cd9de6717ccd7f42c8f54b33fb5f91d23ad
fedora/1/updates-testing/SRPMS/grip-3.0.7-3.2.legacy.src.rpm
---------------------------------------------------------------------
Please test and comment in bugzilla.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/fedora-legacy-list/attachments/20050620/55e15c06/attachment.sig>
More information about the fedora-legacy-list
mailing list