Univention Bugzilla – Bug 53546
fluidsynth: Multiple issues (4.4)
Last modified: 2021-07-07 16:34:10 CEST
New Debian fluidsynth 1.1.6-4+deb9u1 fixes:
This update addresses the following issue:
* FluidSynth 2.1.7 contains a use after free vulnerability in sfloader/fluid_sffile.c that can result in arbitrary code execution or a denial of service (DoS) if a malicious soundfont2 file is loaded into a fluidsynth library. (CVE-2021-28421)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/fluidsynth_1.1.6-4.dsc +++ apt/ucs_4.4-0-errata4.4-8/source/fluidsynth_1.1.6-4+deb9u1.dsc @@ -1,3 +1,9 @@ +1.1.6-4+deb9u1 [Sun, 27 Jun 2021 19:03:02 +0200] Thorsten Alteholz <debian@alteholz.de>: + + * Non-maintainer upload by the LTS Team. + * CVE-2021-28421 + fix for use-after-free vulnerability + 1.1.6-4 [Sun, 18 Dec 2016 15:14:56 +0100] Jaromír Mikeš <mira.mikes@seznam.cz>: * Set dh/compat 10. <http://piuparts.knut.univention.de/4.4-8/#7206123283141308981>
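Review bot: the added 1.1.6-4+deb9u1 changelog entry records only "CVE-2021-28421" and "fix for use-after-free vulnerability"; it names neither the patch file that carries the fix nor the source file it touches. The advisory text for this bug describes the flaw in sfloader/fluid_sffile.c of FluidSynth 2.1.7, while this package is 1.1.6, so the changelog alone does not show where the backported change lands. Suggest extending the entry with the patch name and the affected file so the fix can be audited from the changelog without unpacking the source package.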
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts
<https://errata.software-univention.de/#/?erratum=4.4x1003>