- Fix potential overflow in d2alaw_array() (CVE-2017-17456,

bsc#1071777): libsndfile-CVE-2017-17456-alaw-range-check.patch - Fix potential overflow in d2ulaw_array() (CVE-2017-17457, bsc#1071767): libsndfile-CVE-2017-17457-ulaw-range-check.patch - Fix VUL-0: divide-by-zero error exists in the function double64_init() in double64.c (CVE-2017-14634, bsc#1059911): 0030-double64_init-Check-psf-sf.channels-against-upper-bo.patch - Tentative fix for VUL-0: out of bounds read in the function d2alaw_array() in alaw.c (CVE-2017-14245, bsc#1059912) and VUL-0: out of bounds read in the function d2ulaw_array() in ulaw.c (CVE-2017-14246, bsc#1059913): 0031-sfe_copy_data_fp-check-value-of-max-variable.patch - Fix Heap-based Buffer Overflow in the psf_binheader_writef (CVE-2017-12562, bsc#1052476): 0020-src-common.c-Fix-heap-buffer-overflows-when-writing-.patch - Fix out-of-bounds read memory access in the aiff_read_chanmap() (CVE-2017-6892, bsc#1043978): 0010-src-aiff.c-Fix-a-buffer-read-overflow.patch - Fix FLAC buffer overflows (CVE-2017-8361 CVE-2017-8363 CVE-2017-8365 CVE-2017-8362 bsc#1036944 bsc#1036945 bsc#1036946 bsc#1036943): 0001-FLAC-Fix-a-buffer-read-overrun.patch 0002-src-flac.c-Fix-a-buffer-read-overflow.patch OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/libsndfile?expand=0&rev=71
2018-11-23 13:50:08 +00:00 · 2018-11-23 13:50:08 +00:00 · 773bb27446
commit 773bb27446
parent 1405f02287
1 changed files with 45 additions and 0 deletions
--- a/libsndfile-progs.changes
+++ b/libsndfile-progs.changes
@ -6,6 +6,51 @@ Fri Jul  6 14:11:47 CEST 2018 - tiwai@suse.de
  CVE-2018-19432):
  sndfile-deinterlace-channels-check.patch

+-------------------------------------------------------------------
+Fri Jun  8 14:46:54 CEST 2018 - tiwai@suse.de
+
+- Fix potential overflow in d2alaw_array() (CVE-2017-17456,
+  bsc#1071777):
+  libsndfile-CVE-2017-17456-alaw-range-check.patch
+- Fix potential overflow in d2ulaw_array() (CVE-2017-17457,
+  bsc#1071767):
+  libsndfile-CVE-2017-17457-ulaw-range-check.patch
+
+-------------------------------------------------------------------
+Tue Dec 19 15:57:19 CET 2017 - tiwai@suse.de
+
+- Fix VUL-0: divide-by-zero error exists in the function
+  double64_init() in double64.c (CVE-2017-14634, bsc#1059911):
+  0030-double64_init-Check-psf-sf.channels-against-upper-bo.patch
+- Tentative fix for VUL-0: out of bounds read in the function
+  d2alaw_array() in alaw.c (CVE-2017-14245, bsc#1059912) and
+  VUL-0: out of bounds read in the function d2ulaw_array() in
+  ulaw.c (CVE-2017-14246, bsc#1059913):
+  0031-sfe_copy_data_fp-check-value-of-max-variable.patch
+
+-------------------------------------------------------------------
+Tue Aug  8 11:00:09 CEST 2017 - tiwai@suse.de
+
+- Fix Heap-based Buffer Overflow in the psf_binheader_writef
+  (CVE-2017-12562, bsc#1052476):
+  0020-src-common.c-Fix-heap-buffer-overflows-when-writing-.patch
+
+-------------------------------------------------------------------
+Tue Jun 13 08:36:52 CEST 2017 - tiwai@suse.de
+
+- Fix out-of-bounds read memory access in the aiff_read_chanmap()
+  (CVE-2017-6892, bsc#1043978):
+  0010-src-aiff.c-Fix-a-buffer-read-overflow.patch
+
+-------------------------------------------------------------------
+Tue May  2 14:06:40 CEST 2017 - tiwai@suse.de
+
+- Fix FLAC buffer overflows (CVE-2017-8361 CVE-2017-8363
+  CVE-2017-8365 CVE-2017-8362 bsc#1036944 bsc#1036945 bsc#1036946
+  bsc#1036943):
+  0001-FLAC-Fix-a-buffer-read-overrun.patch
+  0002-src-flac.c-Fix-a-buffer-read-overflow.patch
+
 -------------------------------------------------------------------
 Mon Apr 10 10:47:58 CEST 2017 - tiwai@suse.de