group.of.nepali.translators team mailing list archive
-
group.of.nepali.translators team
-
Mailing list archive
-
Message #11896
[Bug 1674005] Re: audiofile: Multiple security issues from March 2017
ACK on the debdiffs in comments 1, 2 and 3. I'm building them now with a
slight change to add a missing CVE. I'll publish them once I've finished
backporting to precise and have tested precise and trusty.
Thanks!
** Also affects: audiofile (Ubuntu Trusty)
Importance: Undecided
Status: New
** Also affects: audiofile (Ubuntu Precise)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1674005
Title:
audiofile: Multiple security issues from March 2017
Status in audiofile package in Ubuntu:
New
Status in audiofile source package in Precise:
New
Status in audiofile source package in Trusty:
New
Status in audiofile source package in Xenial:
New
Status in audiofile source package in Yakkety:
New
Bug description:
https://security-tracker.debian.org/tracker/source-package/audiofile
http://openwall.com/lists/oss-security/2017/02/26/
https://github.com/mpruett/audiofile/issues/32
https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-msadpcminitializecoefficients-msadpcm-cpp
https://github.com/mpruett/audiofile/commit/c48e4c6503
Fixed in Debian unstable 0.3.6-4 and synced to zesty.
debdiffs attached for 14.04 LTS and up. For 12.04 LTS, audiofile was
in main so someone should probably try to apply the patches there too.
I've done no testing of these packages.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/audiofile/+bug/1674005/+subscriptions
