Univention Bugzilla – Bug 52663
wavpack: Multiple issues (4.4)
Last modified: 2021-01-20 12:50:45 CET
New Debian wavpack 5.0.0-2+deb9u3 fixes:

This update addresses the following issues:
* Infinite loop in WavpackPackInit function leads to DoS (CVE-2018-19840)
* Out-of-bounds read in WavpackVerifySingleBlock function leads to DoS (CVE-2018-19841)
* Use of uninitialized variable in WavpackSetConfiguration64 leads to DoS (CVE-2019-11498)
* Divide by zero in ParseDsdiffHeaderConfig leads to crash (CVE-2019-1010315)
* Use of uninitialized variable in ParseCaffHeaderConfig leads to DoS (CVE-2019-1010317)
* Use of uninitialized variable in ParseWave64HeaderConfig leads to DoS (CVE-2019-1010319)
* Out-of-bounds write in WavpackPackSamples function in pack_utils.c (CVE-2020-35738)
--- mirror/ftp/4.3/unmaintained/4.3-1/source/wavpack_5.0.0-2+deb9u2.dsc +++ apt/ucs_4.4-0-errata4.4-7/source/wavpack_5.0.0-2+deb9u3.dsc @@ -1,3 +1,12 @@ +5.0.0-2+deb9u3 [Fri, 15 Jan 2021 15:23:22 +0530] Utkarsh Gupta <utkarsh@debian.org>: + + * Non-maintainer upload by the LTS team. + * Fix multiple security issues. + (Fixes: CVE-2018-19840, CVE-2018-19841, CVE-2019-1010315, + CVE-2019-1010317, CVE-2019-1010319, CVE-2019-11498, + CVE-2020-35738) + (Closes: #915564, #915565, #932060, #932061, #927903, #978548) + 5.0.0-2+deb9u2 [Mon, 30 Apr 2018 20:34:34 +0000] Moritz Muehlenhoff <jmm@debian.org>: * CVE-2018-10536 CVE-2018-10537 CVE-2018-10538 CVE-2018-10539 <http://10.200.17.11/4.4-7/#1476735935128061736>
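Review bot: In the added 5.0.0-2+deb9u3 changelog entry, the Fixes line names seven CVEs but the Closes line names only six bug numbers, so the entry does not show which bug belongs to which CVE or which CVE has no bug closed. Suggest listing each CVE together with its bug number, one per line, so the erratum can be checked against the individual fixes. The summary "Fix multiple security issues" also gives no hint of the affected functions; a short per-CVE description would make the entry usable on its own.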
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-7] f8bf7dcdfc Bug #52663: wavpack 5.0.0-2+deb9u3
 doc/errata/staging/wavpack.yaml | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x873>