Bug 350649 – CAN-2005-0706 security bug in cdda module

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 350649 - CAN-2005-0706 security bug in cdda module


Summary:	CAN-2005-0706 security bug in cdda module


Status:	RESOLVED FIXED

Product:	gnome-vfs
Classification:	Deprecated
Component:	Module: (other)
Version:	2.15.x
Hardware:	Other All

Importance:	Normal normal
Target Milestone:	---
Assigned To:	gnome-vfs maintainers
QA Contact:	gnome-vfs maintainers

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2006-08-09 21:34 UTC by Federico Mena Quintero
Modified:	2010-05-20 20:22 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
CAN-2005-0706.diff (1.92 KB, patch) 2006-08-09 21:34 UTC, Federico Mena Quintero	none	Details \| Review

Description Federico Mena Quintero 2006-08-09 21:34:20 UTC

Although the CDDA module is deprecated / not installed by default, it still has a security bug.

Part of the attached patch is already applied (the strncpy() bits), but other parts are not (checking for track<numtracks is incomplete).

Comment 1 Federico Mena Quintero 2006-08-09 21:34:53 UTC

Created attachment 70587 [details] [review]
CAN-2005-0706.diff

Comment 2 Christian Neumair 2006-08-11 18:15:31 UTC

Thanks. Maybe you could submit this bug report to the gnome-vfs mailing list for review?

Comment 3 André Klapper 2010-05-20 20:22:52 UTC

Fixed three years after filing this by 706b54502b1d3ccb179a4d8b91c585e152bbae81.
We cool? We cool!