This bug was fixed in the package mpg123 - 1.25.13-1ubuntu0.2
---------------
mpg123 (1.25.13-1ubuntu0.2) focal-security; urgency=medium
* SECURITY UPDATE: incomplete fix for OOB write (LP: #2089680)
- debian/patches/CVE-2024-10573-2.patch: safeguard against attempts to
decode if decoder setup failed and user ignored the returned error
code in src/libmpg123/format.c, src/libmpg123/frame.h,
src/libmpg123/libmpg123.c, src/mpg123.c.
- CVE-2024-10573
-- Marc Deslauriers <marc.deslauri...@ubuntu.com> Tue, 26 Nov 2024
10:23:12 -0500
** Changed in: mpg123 (Ubuntu Focal)
Status: Confirmed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-10573
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to mpg123 in Ubuntu.
https://bugs.launchpad.net/bugs/2089680
Title:
Insufficient fix for CVE-2024-10573
Status in mpg123 package in Ubuntu:
Fix Released
Status in mpg123 source package in Focal:
Fix Released
Status in mpg123 source package in Jammy:
Fix Released
Status in mpg123 source package in Noble:
Fix Released
Status in mpg123 source package in Oracular:
Fix Released
Status in mpg123 source package in Plucky:
Fix Released
Bug description:
The fix for CVE-2024-10573 is insufficient in certain releases,
pending investigation. This is the tracking bug.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mpg123/+bug/2089680/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
