tag 857651 pending
thanks
Hello,
Bug #857651 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:
http://anonscm.debian.org/git/pkg-multimedia/audiofile.git/commit/?id=242f019
---
commit 242f0192363e1c3148116d58942ad2624a311425
Author: Salvatore Bonaccorso <[email protected]>
Date: Sat Mar 18 19:28:56 2017 +0100

    Import Debian changes 0.3.6-2+deb8u2

    audiofile (0.3.6-2+deb8u2) jessie-security; urgency=high

      * Non-maintainer upload by the Security Team.
      * Address several vulnerabilities (Closes: #857651)
        - Always check the number of coefficients (CVE-2017-6827 CVE-2017-6828
          CVE-2017-6832 CVE-2017-6833 CVE-2017-6835 CVE-2017-6837)
        - clamp index values to fix index overflow in IMA.cpp (CVE-2017-6829)
        - Check for multiplication overflow in sfconvert (CVE-2017-6830
          CVE-2017-6834 CVE-2017-6836 CVE-2017-6838)
        - Actually fail when error occurs in parseFormat (CVE-2017-6831)
        - Check for multiplication overflow in MSADPCM decodeSample
          (CVE-2017-6839)
      * Fix signature of multiplyCheckOverflow. It returns a bool, not an int
      * Check for division by zero in BlockCodec::runPull

diff --git a/debian/changelog b/debian/changelog
index 9f9f1f2..9819ae1 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,20 @@
+audiofile (0.3.6-2+deb8u2) jessie-security; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Address several vulnerabilities (Closes: #857651)
+ - Always check the number of coefficients (CVE-2017-6827 CVE-2017-6828
+ CVE-2017-6832 CVE-2017-6833 CVE-2017-6835 CVE-2017-6837)
+ - clamp index values to fix index overflow in IMA.cpp (CVE-2017-6829)
+ - Check for multiplication overflow in sfconvert (CVE-2017-6830
+ CVE-2017-6834 CVE-2017-6836 CVE-2017-6838)
+ - Actually fail when error occurs in parseFormat (CVE-2017-6831)
+ - Check for multiplication overflow in MSADPCM decodeSample
+ (CVE-2017-6839)
+ * Fix signature of multiplyCheckOverflow. It returns a bool, not an int
+ * Check for division by zero in BlockCodec::runPull
+
+ -- Salvatore Bonaccorso <[email protected]> Sat, 18 Mar 2017 19:28:56 +0100
+
audiofile (0.3.6-2+deb8u1) jessie; urgency=high
* Team upload.
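
Review bot: the two closing top-level items of the new 0.3.6-2+deb8u2 entry ("Fix signature of multiplyCheckOverflow" and "Check for division by zero in BlockCodec::runPull") carry no CVE id or bug number, unlike every sub-item under "Address several vulnerabilities", so a reader auditing this jessie-security upload cannot tell whether they belong to the fixes for #857651 or are separate hardening. Suggest stating which, and naming the patch file behind each item so that every CVE can be traced to the change that addresses it. Minor style point: "clamp index values" is the only item that starts in lowercase.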