Source: flac Version: 1.3.2-1 Severity: important Tags: security upstream Hi,
The following vulnerability was published for flac. CVE-2017-6888[0]: | An error in the "read_metadata_vorbiscomment_()" function | (src/libFLAC/stream_decoder.c) in FLAC version 1.3.2 can be exploited | to cause a memory leak via a specially crafted FLAC file. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-6888 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6888 [1] https://secuniaresearch.flexerasoftware.com/secunia_research/2017-7/ [2] https://git.xiph.org/?p=flac.git;a=commit;h=4f47b63e9c971e6391590caf00a0f2a5ed612e67 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
