Opened 11 years ago

Closed 11 years ago

Last modified 11 years ago

#2070 closed defect (notabug)

Is it possible to drop audioop dependency from TA

Reported by: alsroot Owned by: walter
Priority: Unspecified by Maintainer Milestone: Unspecified
Component: Turtleart Version: Unspecified
Severity: Unspecified Keywords:
Cc: Distribution/OS: openSUSE
Bug Status: Unconfirmed

Description

There is a vulnerability in audioop
http://vigilance.fr/vulnerability/Python-buffer-overflows-of-audioop-9708.
And for example openSUSE droped audioop from python package, most likely they will revert it after fixing issue. But maybe it will be easier to just remove audioop dependency from TA?

Change History (5)

comment:1 Changed 11 years ago by walter

Does TA have a dependency on audioop? I couldn't find it. Is it pulled in by gst?

comment:2 Changed 11 years ago by alsroot

  • Resolution set to notabug
  • Status changed from new to closed

Sorry, it was in TA-83...

comment:3 Changed 11 years ago by walter

I just checked the tar file for 0.83 and there is no audioop.so (nor do I think it would have been called by so recent a version). I wonder if this is an example of install not removing old files?

comment:4 Changed 11 years ago by alsroot

talogo.py from v83 contains "import audioop" but looks like doesn't use it anymore.

comment:5 Changed 11 years ago by walter

Must have before I cleaned up the spurious imports... Thanks for tracking this down.

Note: See TracTickets for help on using tickets.