Univention Bugzilla – Bug 47539
soundtouch: Multiple issues (4.2)
Last modified: 2018-08-15 16:20:26 CEST
New Debian soundtouch 1.8.0-1+deb8u1 fixes: This update addresses the following issue(s): * * The TDStretch::processSamples function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted wav file. (CVE-2017-9258) * The TDStretch::acceptNewOverlapLength function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (memory allocation error and application crash) via a crafted wav file. (CVE-2017-9259) * The TDStretchSSE::calcCrossCorr function in source/SoundTouch/sse_optimized.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted wav file. (CVE-2017-9260) CVE_2018-14044 is open CVE_2018-14045 is open CVE_2018-1000223 is open 1.8.0-1+deb8u1 (Wed, 27 Dec 2017 16:37:31 +0000) [ Gabor Karsay ] * Add patch to fix - CVE-2017-9258 - CVE-2017-9259 - CVE-2017-9260 * CVE-2017-9258 soundtouch: Infinite loop in the TDStretch::processSamples function (CVE-2017-9258) * CVE-2017-9259 soundtouch: Memory allocation error in the TDStretch::acceptNewOverlapLength function (CVE-2017-9259) * CVE-2017-9260 soundtouch: Heap-buffer over-read in the TDStretchSSE::calcCrossCorr function (CVE-2017-9260)
--- mirror/ftp/4.2/unmaintained/4.2-0/source/soundtouch_1.8.0-1.dsc +++ apt/ucs_4.2-0-errata4.2-4/source/soundtouch_1.8.0-1+deb8u1.dsc @@ -1,3 +1,11 @@ +1.8.0-1+deb8u1 [Wed, 27 Dec 2017 16:37:31 +0000] James Cowgill <jcowgill@debian.org>: + + [ Gabor Karsay ] + * Add patch to fix + - CVE-2017-9258 (Closes: #870854) + - CVE-2017-9259 (Closes: #870856) + - CVE-2017-9260 (Closes: #870857) + 1.8.0-1 [Fri, 31 Jan 2014 16:46:38 -0500] Miguel A. Colón Vélez <debian.micove@gmail.com>: * New upstream release. <http://10.200.17.11/4.2-4/#259588270271069948>
OK: yaml OK: errata-announce OK: patch OK: piuparts [4.2-4] 7e0cb485ce Bug #47539: soundtouch 1.8.0-1+deb8u1 doc/errata/staging/soundtouch.yaml | 19 ++++++------------- 1 file changed, 6 insertions(+), 13 deletions(-) [4.2-4] 18b976975a Bug #47539: soundtouch 1.8.0-1+deb8u1 doc/errata/staging/soundtouch.yaml | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+)
<http://errata.software-univention.de/ucs/4.2/480.html>