edubuntu-bugs team mailing list archive

Thread
Date

[Bug 1210349] Re: Bundled buzz.wav file in tuxtype package has (potentially) malicious embedded executable content

To: edubuntu-bugs@xxxxxxxxxxxxxxxxxxx
From: Marc Deslauriers <marc.deslauriers@xxxxxxxxxxxxx>
Date: Mon, 25 Nov 2013 14:22:28 -0000
Reply-to: Bug 1210349 <1210349@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Thanks for reporting this issue.

I have taken a look at the buzz.wav file. It does appear to contain
extra data at the end, including an elf header.

Fortunately, there doesn't seem to be enough of it to pose any sort of
threat. It is likely the extra part was, as you described, filesystem
corruption, or perhaps uninitialized memory.

I am closing this bug, since I don't think there is anything worth
fixing as this extra data is pretty harmless. The sound files are in the
upstream tarball, so perhaps you could file a bug with the upstream
project to get the files fixed.

Thanks!

** Information type changed from Private Security to Public Security

** Changed in: tuxtype (Ubuntu)
       Status: New => Won't Fix

-- 
You received this bug notification because you are a member of Edubuntu
Bugsquad, which is subscribed to tuxtype in Ubuntu.
https://bugs.launchpad.net/bugs/1210349

Title:
  Bundled buzz.wav file in tuxtype package has (potentially) malicious
  embedded executable content

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/tuxtype/+bug/1210349/+subscriptions