MusicBee is shipping a version of LAME with a security vulnerability

Your browser does not support javascript (or it is disabled.) Please use a browser with javascript or enable it.
We need javascript to function properly otherwise some things won't work.

« previous next »

Print

Pages: 1

Author Topic: MusicBee is shipping a version of LAME with a security vulnerability (Read 1280 times)

rreiner

Newbie
Posts: 3

on: October 30, 2017, 03:26:16 PM

MusicBee is shipping LAME 3.99.5.

Versions of LAME prior to 3.100 have this security bug:

https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11720

which can lead to compromise of the user's PC.

Please update MusicBee to use LAME 3.100+....

phred

Global Moderator
Sr. Member
Posts: 9356

Reply #1 on: October 30, 2017, 07:09:37 PM

See this thread: https://getmusicbee.com/forum/index.php?topic=23197.msg135426#msg135426

Download the latest MusicBee v3.5 or 3.6 patch from here.
Unzip into your MusicBee directory and overwrite existing files.
----------
The FAQ
The Wiki
Posting screenshots is here
Searching the forum with Google is here

Steven

Administrator
Sr. Member
Posts: 34361

Reply #2 on: October 30, 2017, 07:11:43 PM

i have updated in the installer package

Print

Pages: 1

« previous next »

SMF 2.0.17 | SMF © 2019, Simple Machines