[ubuntu/noble-security] tracker-miners 3.7.1-1ubuntu0.1 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Thu Feb 5 15:59:08 UTC 2026
tracker-miners (3.7.1-1ubuntu0.1) noble-security; urgency=medium
* SECURITY UPDATE: Heap Buffer Overflow
- debian/patches/CVE-2026-1764.patch: check for valid offsets
extracting MP3 performer tags in
src/tracker-extract/tracker-extract-mp3.c.
- CVE-2026-1764
* SECURITY UPDATE: NULL Pointer Dereference
- debian/patches/bug426.patch: bail out on 0-size frame for ID3v2.0
tags in src/tracker-extract/tracker-extract-mp3.c.
- No CVE number
* SECURITY UPDATE: Heap Buffer Overflow
- debian/patches/CVE-2026-1765.patch: check for buffer boundaries
extracting MP3 TXXX tags in
src/tracker-extract/tracker-extract-mp3.c.
- CVE-2026-1765
* SECURITY UPDATE: Heap Buffer Overflow
- debian/patches/CVE-2026-1766-pre1.patch: minor code refactor in
src/tracker-extract/tracker-extract-mp3.c.
- debian/patches/CVE-2026-1766.patch: refactor/fix handling of COMM
tags in src/tracker-extract/tracker-extract-mp3.c.
- CVE-2026-1766
* SECURITY UPDATE: Heap Buffer Overflow
- debian/patches/CVE-2026-1767.patch: fix accounting of offsets within
MP3 performer tags in src/tracker-extract/tracker-extract-mp3.c.
- CVE-2026-1767
Date: 2026-02-03 18:09:13.783272+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/tracker-miners/3.7.1-1ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the noble-changes
mailing list