Univention Bugzilla – Bug 48450
libsndfile: Multiple issues (4.2)
Last modified: 2019-01-16 13:40:08 CET
New Debian libsndfile 1.0.25-9.1+deb8u3 fixes:

This update addresses the following issues:

* Buffer overflow in the flac_buffer_copy function (CVE-2017-8361)
* Out-of-bounds read in the flac_buffer_copy function (CVE-2017-8362)
* Heap buffer over-read in the flac_buffer_copy function (CVE-2017-8363)
* Buffer over-read in the l2les_array function (CVE-2017-8365)
* Out-of-bounds read in the function d2alaw_array() (CVE-2017-14245)
* Out-of-bounds read in the function d2ulaw_array() (CVE-2017-14246)
* Divide-by-zero in the double64_init() function (CVE-2017-14634)
* SEGV on unknown address in the function d2alaw_array() (CVE-2017-17456)
* SEGV on unknown address in the function d2ulaw_array() (CVE-2017-17457)
* stack-based buffer overflow in sndfile-deinterleave utility (CVE-2018-13139)
* OOB read in sf_write_int in sndfile.c (CVE-2018-19432)
* buffer over-read in the function i2ulaw_array in ulaw.c (CVE-2018-19661)
* buffer over-read in the function i2alaw_array in alaw.c (CVE-2018-19662)
--- mirror/ftp/4.2/unmaintained/component/4.2-5-errata/source/libsndfile_1.0.25-9.1+deb8u2.dsc +++ apt/ucs_4.2-0-errata4.2-5/source/libsndfile_1.0.25-9.1+deb8u3.dsc @@ -1,3 +1,8 @@ +1.0.25-9.1+deb8u3 [Thu, 10 Jan 2019 15:02:51 +0100] Hugo Lefeuvre <hle@debian.org>: + + * Non-maintainer upload by the LTS Team. + * CVE-2018-19758: heap-buffer-overflow in wav_write_header (closes: #917416). + 1.0.25-9.1+deb8u2 [Sat, 15 Dec 2018 13:10:27 +0100] Hugo Lefeuvre <hle@debian.org>: * Non-maintainer upload by the LTS Team. <http://10.200.17.11/4.2-5/#5270929799664534339>
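Review bot: The new 1.0.25-9.1+deb8u3 changelog entry names a single fix, CVE-2018-19758 (heap-buffer-overflow in wav_write_header), and that identifier is missing from the issue list posted for this update in this bug, while none of the CVEs in that list appear in the added lines. Before release, check that the erratum text in doc/errata/staging/libsndfile.yaml names CVE-2018-19758, and confirm that each CVE in the posted list is covered by a changelog entry between the previously shipped version and 1.0.25-9.1+deb8u3; the visible context stops right after the deb8u2 header, so that cannot be verified from this diff alone.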
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.2-5] 190c7d4b24 Bug #48450: libsndfile 1.0.25-9.1+deb8u3
 doc/errata/staging/libsndfile.yaml | 37 +++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)
<http://errata.software-univention.de/ucs/4.2/580.html>