Univention Bugzilla – Bug 52543
flac: Multiple issues (4.4)
Last modified: 2021-01-06 16:53:53 CET
New Debian flac 1.3.2-2+deb9u1 fixes:

This update addresses the following issues:
* Memory leak in src/libFLAC/stream_decoder.c:read_metadata_vorbiscomment_() (CVE-2017-6888)
* Out-of-bounds read can lead to remote information disclosure (CVE-2020-0499)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/flac_1.3.2-1.dsc +++ apt/ucs_4.4-0-errata4.4-7/source/flac_1.3.2-2+deb9u1.dsc @@ -1,3 +1,22 @@ +1.3.2-2+deb9u1 [Mon, 04 Jan 2021 01:27:32 +0200] Adrian Bunk <bunk@debian.org>: + + * Non-maintainer upload by the LTS team. + * CVE-2020-0499: Out of bounds read due to a heap buffer overflow. + +1.3.2-2 [Tue, 01 May 2018 20:56:47 +0200] Fabian Greffrath <fabian@debian.org>: + + [ Ondřej Nový ] + * d/copyright: Use https protocol in Format field + * d/control: Set Vcs-* to salsa.debian.org + * d/changelog: Remove trailing whitespaces + + [ Felipe Sateler ] + * Change maintainer address to debian-multimedia@lists.debian.org + + [ Fabian Greffrath ] + * Apply two commits from upstream's GIT repo to fix memory leaks + (Closes: #897015, CVE-2017-6888). + 1.3.2-1 [Tue, 03 Jan 2017 20:36:10 +0100] Sebastian Ramacher <sramacher@debian.org>: * Team upload. <http://10.200.17.11/4.4-7/#2512221333874469887>
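Review bot: the 1.3.2-2+deb9u1 entry records CVE-2020-0499 only as "Out of bounds read due to a heap buffer overflow", with no patch name, upstream commit or Debian bug number, whereas the 1.3.2-2 entry below it carries "Closes: #897015" for CVE-2017-6888. Adding a reference to the applied patch in the bug would let the fix be checked against the source rather than taken from the changelog text alone. The diff base is the 4.3-0 unmaintained flac_1.3.2-1.dsc, so this erratum picks up both changelog entries at once, which matches the two CVEs listed in the advisory text.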
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-7] 3b02884101 Bug #52543: flac 1.3.2-2+deb9u1
 doc/errata/staging/flac.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

[4.4-7] c78adee532 Bug #52543: flac 1.3.2-2+deb9u1
 doc/errata/staging/flac.yaml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x853>