[Mageia-dev] taglib CVE for MP4 files

Shlomi Fish shlomif at shlomifish.org
Mon May 14 21:21:27 CEST 2012


Hi David,

On Mon, 14 May 2012 11:43:46 -0700 (PDT)
David Walser <luigiwalser at yahoo.com> wrote:

> taglib 1.7.2 was issued to fix a minor security DoS issue due to a divide by zero error in the MP4 file decoder.
> 
> I built it in updates_testing but I don't have an MP4 file to test it with.
> 
> If interested people could test it, it could be pushed to updates.  Thanks.
> 

Thanks for your work. I have some .mp4s files (mostly videos) around, which I
have downloaded from YouTube using youtube-dl (and you can too). But what
should I do to test that the bug was fixed? Can you provide instructions?

Regards,

	Shlomi Fish

-- 
-----------------------------------------------------------------
Shlomi Fish       http://www.shlomifish.org/
Understand what Open Source is - http://shlom.in/oss-fs

Tcl is Lisp on drugs. Using strings instead of S‐expressions for closures is
Evil with one of those gigantic E’s you can find at the beginning of chapters.

Please reply to list if it's a mailing list post - http://shlom.in/reply .


More information about the Mageia-dev mailing list