Back to libsndfile PTS page

Accepted libsndfile 1.0.25-9.1+deb7u2 (source amd64) into oldstable

To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
Subject: Accepted libsndfile 1.0.25-9.1+deb7u2 (source amd64) into oldstable
From: Thorsten Alteholz <debian@alteholz.de>
Date: Sun, 28 May 2017 11:30:13 +0000
Mail-followup-to: debian-lts@lists.debian.org
Message-id: <E1dEwOj-0006Oi-EP@seger.debian.org>
Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 27 May 2017 22:03:02 +0200
Source: libsndfile
Binary: libsndfile1-dev libsndfile1 sndfile-programs
Architecture: source amd64
Version: 1.0.25-9.1+deb7u2
Distribution: wheezy-security
Urgency: high
Maintainer: Erik de Castro Lopo <erikd@mega-nerd.com>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description:
 libsndfile1 - Library for reading/writing audio files
 libsndfile1-dev - Development files for libsndfile; a library for reading/writing a
 sndfile-programs - Sample programs that use libsndfile
Changes:
 libsndfile (1.0.25-9.1+deb7u2) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the Wheezy LTS Team.
   * CVE-2017-8361
     The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows
     remote attackers to cause a denial of service (buffer overflow and
     application crash) or possibly have unspecified other impact via a
     crafted audio file.
   * CVE-2017-8362
     The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows
     remote attackers to cause a denial of service (invalid read and
     application crash) via a crafted audio file.
   * CVE-2017-8363
     The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows
     remote attackers to cause a denial of service (heap-based buffer
     over-read and application crash) via a crafted audio file.
   * CVE-2017-8365
     The i2les_array function in pcm.c in libsndfile 1.0.28 allows
     remote attackers to cause a denial of service (buffer over-read
     and application crash) via a crafted audio file.
Checksums-Sha1:
 2a8e12c684e85c8b316fc45589ed8e75694ede3f 2169 libsndfile_1.0.25-9.1+deb7u2.dsc
 e95d9fca57f7ddace9f197071cbcfb92fa16748e 1060692 libsndfile_1.0.25.orig.tar.gz
 a255588a129fca9cf09564eedb06f6dd620417e1 19424 libsndfile_1.0.25-9.1+deb7u2.debian.tar.gz
 8bdd65ab04bb702ff869cff32990b874f7a977bf 392330 libsndfile1-dev_1.0.25-9.1+deb7u2_amd64.deb
 457311b5fb956d48dcdb434016cf7f0c7d3f6208 245128 libsndfile1_1.0.25-9.1+deb7u2_amd64.deb
 45f321289e35852037355f7a9d026664940a484a 120190 sndfile-programs_1.0.25-9.1+deb7u2_amd64.deb
Checksums-Sha256:
 ba4c62a570b2ab2acee2051f97505f6aef07c22f563fb2e2148a525bf7d6374a 2169 libsndfile_1.0.25-9.1+deb7u2.dsc
 59016dbd326abe7e2366ded5c344c853829bebfd1702ef26a07ef662d6aa4882 1060692 libsndfile_1.0.25.orig.tar.gz
 8cfbb5cc788a0a8082833ac8a6fe7e07b4b4ebe7b6a55c6fc44ae1fac6dce23c 19424 libsndfile_1.0.25-9.1+deb7u2.debian.tar.gz
 e2cdf9488f7c6fd45f1c1b82c917ce13823cf6b3697c2d52b7a35296f0eb60e0 392330 libsndfile1-dev_1.0.25-9.1+deb7u2_amd64.deb
 b324ab6f88293cfa0db92771cc9ddac9694ff3c6cb560d758a01af28d1d65065 245128 libsndfile1_1.0.25-9.1+deb7u2_amd64.deb
 4c7f3480e52d1be7c0c14e139ec0f0c174d4be24eb8c8058e48b21b99a6ca5ed 120190 sndfile-programs_1.0.25-9.1+deb7u2_amd64.deb
Files:
 2dd9b74e1bbc130a85761ec86109e617 2169 devel optional libsndfile_1.0.25-9.1+deb7u2.dsc
 e2b7bb637e01022c7d20f95f9c3990a2 1060692 devel optional libsndfile_1.0.25.orig.tar.gz
 24c2d42a7bda7bfe0aac08fcee0eaf7f 19424 devel optional libsndfile_1.0.25-9.1+deb7u2.debian.tar.gz
 4dbe319e55bba9276f8bf209548f5466 392330 libdevel optional libsndfile1-dev_1.0.25-9.1+deb7u2_amd64.deb
 550e325117b14487b5fa96f03b782e51 245128 libs optional libsndfile1_1.0.25-9.1+deb7u2_amd64.deb
 ea4c4d02a618af20735a6d91e406dc77 120190 utils optional sndfile-programs_1.0.25-9.1+deb7u2_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAlkqsjRfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh
bHRlaG9sei5kZQAKCRCW/KwNOHtYR2u6EAC+Po7KJ1ejpeBF41I7EM6GrB2AB4Aq
lW1Gtx8WlkltDzSONAmcExCVNBqWAdfiqSSPETwx8O+orTkez0hUjNqtpZRor45m
/2y7qsoRCrPYYWb5rhP4Kunai1wNJFwk5zBgeNlJCta2vqkpNcsSyskTAgTHgwf9
6w/aDKHFo9hQAbr2p9drss8FGdQY6M6fjkLkJRzV/LhhJl/gq1LByAXjvOsxQP12
mW0OthC9ZE2hCm+k8VAv4BuofjALaQWhbrlqV74MUebiYOOdK9Bs7E9MSYH8htui
X3hthp0oT1Ig+mOt8BAolPuGSTZhLgLyKaS848ztqfL/TNZ6FNAX9aa5XnICjC+J
0oDMUSnP5GpMGoBkyZPJHkzyT6cOvo9uaRVF0WSqD9xlSWM090rzC0wqS1tPl5kc
/qx8eE0qS+ON6lpWLYky52sA+t92rqo/F96QNAPzGyTKoVQxdclFcj+gek4YHo00
S+k6NDBK1o9UflWym9d8q7ADj3nALMFO4hXLAZl6DcIOPO26nsrfetjIu6GwuKoX
LPfcbGJnT9/iONSWxbFAaE8jy4gz9c66A3zIjovQNjuFo/P0WS4g2hn9U718fmln
v4dqV7cZKD4z5kcEgDKg4Yw2az7MWI61Rr/3xShoqLeV80HYI8p/aA7lqFW+r63I
BKPp290EQvvgNw==
=g4cA
-----END PGP SIGNATURE-----