Uploaded image for project: 'AI Platform Core Components'
  1. AI Platform Core Components
  2. AIPCC-841

Handle CVE-2017-11551 in libid3tag

XMLWordPrintable

    • Icon: Story Story
    • Resolution: Won't Do
    • Icon: Undefined Undefined
    • None
    • None
    • Accelerator Enablement
    • False
    • Hide

      None

      Show
      None
    • False

      libi3dtag is planned for RHEL AI 2.0. It is in RHEL AI 1.4, but only in git (not the RPM) for 1.5.

      In all these branches, it is at version-release 0.15.1b-34, in sync with EPEL9. It has a patch for CVE-2017-11550, but not for CVE-2017-11551. (They were published at the same time.)

      libid3tag was in RHEL8, and ProdSec may have reviewed it and decided not to address CVE-2017-11551. However because RHEL AI is a different product, we should review this with ProdSec.

              Unassigned Unassigned
              mdepaulo@redhat.com Mike DePaulo
              Antonio's Team
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: