Bug#905504: soundtouch: CVE-2018-14044 CVE-2018-14045
Salvatore Bonaccorso
carnil at debian.org
Sun Aug 5 15:09:21 BST 2018
Source: soundtouch
Version: 1.9.2-1
Severity: normal
Tags: security upstream
Forwarded: https://gitlab.com/soundtouch/soundtouch/issues/7
Hi,
The following vulnerabilities were published for soundtouch, the
impact is negligible, but filling the bug to track any upstream move
on the upstream issue
https://gitlab.com/soundtouch/soundtouch/issues/7 .
CVE-2018-14044[0]:
| The RateTransposer::setChannels function in RateTransposer.cpp in
| libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote
| attackers to cause a denial of service (assertion failure and
| application exit), as demonstrated by SoundStretch.
CVE-2018-14045[1]:
| The FIRFilter::evaluateFilterMulti function in FIRFilter.cpp in
| libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote
| attackers to cause a denial of service (assertion failure and
| application exit), as demonstrated by SoundStretch.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-14044
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14044
[1] https://security-tracker.debian.org/tracker/CVE-2018-14045
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14045
[2] https://gitlab.com/soundtouch/soundtouch/issues/7
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
More information about the pkg-multimedia-maintainers
mailing list