Accepted libsndfile 1.0.25-9.1+deb7u1 (source amd64) into oldstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 25 Apr 2017 09:49:01 -0400
Source: libsndfile
Binary: libsndfile1-dev libsndfile1 sndfile-programs
Architecture: source amd64
Version: 1.0.25-9.1+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Erik de Castro Lopo <erikd@mega-nerd.com>
Changed-By: Antoine Beaupré <anarcat@debian.org>
Description:
 libsndfile1 - Library for reading/writing audio files
 libsndfile1-dev - Development files for libsndfile; a library for reading/writing a
 sndfile-programs - Sample programs that use libsndfile
Closes: 860255
Changes:
 libsndfile (1.0.25-9.1+deb7u1) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Backport fix_bufferoverflows.patch from sid to fix CVE-2017-7585,
     CVE-2017-7586 and CVE-2017-7741.
   * Also backport 41da64d9270b2fa10c93ce74dea014fe8f0bd303 from upstream
     in order to backport the above and fix another (undocumented) id3
     overflow present in < 1.27 fixed in 2011 (!).
   * CVE-2017-7585: In libsndfile before 1.0.28, an error in the
     "flac_buffer_copy()" function (flac.c) can be exploited to cause a
     stack-based buffer overflow via a specially crafted FLAC file.
   * CVE-2017-7586: In libsndfile before 1.0.28, an error in the
     "header_read()" function (common.c) when handling ID3 tags can be
     exploited to cause a stack-based buffer overflow via a specially
     crafted FLAC file.
   * CVE-2017-7741: In libsndfile before 1.0.28, an error in the
     "flac_buffer_copy()" function (flac.c) can be exploited to cause a
     segmentation violation (with write memory access) via a specially
     crafted FLAC file during a resample attempt, a similar issue to
     CVE-2017-7585.
   * Backport 60b234301adf258786d8b90be5c1d437fc8799e0 from upstream to fix
     CVE-2017-7742.
   * CVE-2017-7742: In libsndfile before 1.0.28, an error in the
     "flac_buffer_copy()" function (flac.c) can be exploited to cause a
     segmentation violation (with read memory access) via a specially
     crafted FLAC file during a resample attempt, a similar issue to
     CVE-2017-7585. (Closes: #860255)
   * backport 1.0.25-9 from jessie to fix security issues, while keeping
     the old build system (CVE-2014-9496, CVE-2014-9756, CVE-2015-7805)
Checksums-Sha1:
 edde727ce7087db9aaadc2d120cc46c7cefcff4e 2010 libsndfile_1.0.25-9.1+deb7u1.dsc
 e95d9fca57f7ddace9f197071cbcfb92fa16748e 1060692 libsndfile_1.0.25.orig.tar.gz
 8d775787f445de57d2a6ac17b3666060e44b674a 18274 libsndfile_1.0.25-9.1+deb7u1.debian.tar.gz
 67781e89c335966874590a76319f9f2d0a91b672 392474 libsndfile1-dev_1.0.25-9.1+deb7u1_amd64.deb
 f5be7efc14ef35d8b313632b74a7b9f54ab14c27 245112 libsndfile1_1.0.25-9.1+deb7u1_amd64.deb
 cca28688b559d1aa8872776a93ae2189c2271d61 119734 sndfile-programs_1.0.25-9.1+deb7u1_amd64.deb
Checksums-Sha256:
 15d3e717f0e9ee0f574df8c9c12a5f9d990efd37febbe36d8b7c088e9f55cba9 2010 libsndfile_1.0.25-9.1+deb7u1.dsc
 59016dbd326abe7e2366ded5c344c853829bebfd1702ef26a07ef662d6aa4882 1060692 libsndfile_1.0.25.orig.tar.gz
 e7b83ff6f4609cc801ef77a1cf29ca10764e013bf05c28af009ee7ac3e414933 18274 libsndfile_1.0.25-9.1+deb7u1.debian.tar.gz
 de350cf19626c8c667792dd7abf2716a3f4f41e10c76d58732c5d89c550baf1c 392474 libsndfile1-dev_1.0.25-9.1+deb7u1_amd64.deb
 e4c36728b66d134c3a659913a0caf19c0627d46869f045e9a110498613866827 245112 libsndfile1_1.0.25-9.1+deb7u1_amd64.deb
 ee118e42925809c04d2793b544b6139aeebc55dcb44635a6a1a42fe32533c786 119734 sndfile-programs_1.0.25-9.1+deb7u1_amd64.deb
Files:
 6934380dac7694de7d95ccbc72706c33 2010 devel optional libsndfile_1.0.25-9.1+deb7u1.dsc
 e2b7bb637e01022c7d20f95f9c3990a2 1060692 devel optional libsndfile_1.0.25.orig.tar.gz
 6dd9059743b48a2ab6b63bdde93be26a 18274 devel optional libsndfile_1.0.25-9.1+deb7u1.debian.tar.gz
 7ba17d21cf63546596d9ffae57d8ca72 392474 libdevel optional libsndfile1-dev_1.0.25-9.1+deb7u1_amd64.deb
 47d94f19c64828efd9dca5f7be72cf1b 245112 libs optional libsndfile1_1.0.25-9.1+deb7u1_amd64.deb
 4de6caf8b4511ec9f17cea98fdf6acf1 119734 utils optional sndfile-programs_1.0.25-9.1+deb7u1_amd64.deb

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----