audiofile_0.3.6-2+deb8u2_multi.changes ACCEPTED into proposed-updates->stable-new, proposed-updates
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Wed Mar 29 19:32:08 UTC 2017
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 18 Mar 2017 19:28:56 +0100
Source: audiofile
Binary: audiofile-tools libaudiofile-dev libaudiofile1 libaudiofile-dbg
Architecture: source
Version: 0.3.6-2+deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: Debian Multimedia Maintainers <pkg-multimedia-maintainers at lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <carnil at debian.org>
Closes: 857651
Description:
audiofile-tools - sfinfo and sfconvert tools
libaudiofile-dbg - Open-source version of SGI's audiofile library (debug)
libaudiofile-dev - Open-source version of SGI's audiofile library (header files)
libaudiofile1 - Open-source version of SGI's audiofile library
Changes:
audiofile (0.3.6-2+deb8u2) jessie-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Address several vulnerabilities (Closes: #857651)
- Always check the number of coefficients (CVE-2017-6827 CVE-2017-6828
CVE-2017-6832 CVE-2017-6833 CVE-2017-6835 CVE-2017-6837)
- clamp index values to fix index overflow in IMA.cpp (CVE-2017-6829)
- Check for multiplication overflow in sfconvert (CVE-2017-6830
CVE-2017-6834 CVE-2017-6836 CVE-2017-6838)
- Actually fail when error occurs in parseFormat (CVE-2017-6831)
- Check for multiplication overflow in MSADPCM decodeSample
(CVE-2017-6839)
* Fix signature of multiplyCheckOverflow. It returns a bool, not an int
* Check for division by zero in BlockCodec::runPull
Checksums-Sha1:
9ef62372482313a1af0c8f669410d51822ee0230 2385 audiofile_0.3.6-2+deb8u2.dsc
3aba3ef724b1b5f88cfc20ab9f8ce098e6c35a0e 811733 audiofile_0.3.6.orig.tar.gz
110bf58c6c24d698eb55aa19894f77907517ac22 15512 audiofile_0.3.6-2+deb8u2.debian.tar.xz
Checksums-Sha256:
381b03e1b3f7270bcca367769b685e3e6a461cfb5a9ff2f30a72bf9e60205e6b 2385 audiofile_0.3.6-2+deb8u2.dsc
cdc60df19ab08bfe55344395739bb08f50fc15c92da3962fac334d3bff116965 811733 audiofile_0.3.6.orig.tar.gz
6f08b8d898317e92b42722f8040d1c6c42ceb717068f40b66251486656910738 15512 audiofile_0.3.6-2+deb8u2.debian.tar.xz
Files:
d5ac09ee6abc76c7f1cd46187d9d1763 2385 libs optional audiofile_0.3.6-2+deb8u2.dsc
2731d79bec0acef3d30d2fc86b0b72fd 811733 libs optional audiofile_0.3.6.orig.tar.gz
ed19806ebe18badf2256636de983482c 15512 libs optional audiofile_0.3.6-2+deb8u2.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAljNgMxfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89ER1UQAINRqHyi+BqRt85Aw7FrivdNCGd3WOBG
bU92d/HauItplCS7Eqg5vDS+mtRnDGGQBqFaZO7zjyUnjKaKF8QSEz/DXpt3K49Z
B0u4Rb2UZ39mm4WCu60vSNsiD4cUtGj8aLROsz+Aeg5TTvE7ETFMVsW0ZK9V1G8J
weazOvS+BBm1axX6es5kuMum5UNzirmkJzWeHUia7MtKOwdsht1f0EDQtrnXFYtb
3veKM+84R98hlunBm0hL+ait2hfSlmwsiy6or3KxK/M4qLapH55xIArZ9OuvW2sL
pY5YTnmw1ZKCavaGmbB8MiidiliA/20k3PzpRYDupTfY2NPBrx3p5obNQu/evt9x
Db+eDXFGCTdVC/MQpNvAGinDnzmmKbHIfmkqhxwV9DZq9re358whu1crG/HP5fVu
tkbqc6sDaltD5c1TmiBkR7lniDKc3SZ7XimAAf4JBjuiqiqRI7thFIHSilpWSQ0X
Cl9LZu3lZpa0kF7Eg4DUUAQ7m1w1wNhte7IUng0GW7QArZn7UGWJ3LnD2gqysVbv
YaL8Rt2pMYr5L3uiaw5oRv/u76UOOcbzmb5C8EpKgoHD/s9ftVaiPe9OYhW09zqs
P1pVkNN0vKlkgTN8Zx459JO7TEvTNh+uzoqGMaximPnAaSbT+GE3cH5h/GTwbV2/
QHakxvDH/lI0
=8Y7S
-----END PGP SIGNATURE-----
Thank you for your contribution to Debian.
More information about the pkg-multimedia-maintainers
mailing list