Change log for libsndfile package in Ubuntu
| 1 → 75 of 87 results | First • Previous • Next • Last |
| Published in oracular-release |
| Published in noble-release |
| Deleted in noble-proposed (Reason: Moved to noble) |
libsndfile (1.2.2-1ubuntu5) noble; urgency=medium * Rebuild against new libmpg123t64. -- Gianfranco Costamagna <email address hidden> Fri, 05 Apr 2024 08:20:20 +0200
Available diffs
- diff from 1.2.2-1ubuntu4 to 1.2.2-1ubuntu5 (330 bytes)
libsndfile (1.2.2-1ubuntu4) noble; urgency=medium * No-change rebuild for CVE-2024-3094 -- Steve Langasek <email address hidden> Sun, 31 Mar 2024 07:58:58 +0000
Available diffs
- diff from 1.2.2-1ubuntu3 to 1.2.2-1ubuntu4 (314 bytes)
libsndfile (1.2.2-1ubuntu3) noble; urgency=medium * No-change rebuild against libflac12t64 -- Steve Langasek <email address hidden> Mon, 11 Mar 2024 14:55:05 +0000
Available diffs
- diff from 1.2.2-1ubuntu2 to 1.2.2-1ubuntu3 (336 bytes)
| Deleted in noble-updates (Reason: superseded by release) |
| Superseded in noble-release |
| Deleted in noble-proposed (Reason: Moved to noble) |
libsndfile (1.2.2-1ubuntu2) noble; urgency=medium
* Rebuild against armhf \-fstack-clash-protection breakage rebuild
with fixed dpkg.
-- Gianfranco Costamagna <email address hidden> Thu, 23 Nov 2023 17:57:03 +0100
Available diffs
- diff from 1.2.2-1 (in Debian) to 1.2.2-1ubuntu2 (9.4 KiB)
- diff from 1.2.2-1ubuntu1 to 1.2.2-1ubuntu2 (385 bytes)
| Superseded in noble-proposed |
libsndfile (1.2.2-1ubuntu1) noble; urgency=medium
* SECURITY UPDATE: integer overflow vulnerability
- debian/patches/CVE-2022-33065/CVE-2022-33065-*.patch: fix various
numeric overflow vulnerabilities.
- CVE-2022-33065
-- Fabian Toepfer <email address hidden> Thu, 02 Nov 2023 16:34:14 +0100
Available diffs
libsndfile (1.0.28-7ubuntu0.2) focal-security; urgency=medium
* SECURITY UPDATE: integer overflow vulnerability
- debian/patches/CVE-2022-33065/CVE-2022-33065-*.patch: fix various
numeric overflow vulnerabilities.
- CVE-2022-33065
-- Fabian Toepfer <email address hidden> Thu, 02 Nov 2023 16:47:21 +0100
Available diffs
libsndfile (1.0.31-2ubuntu0.1) jammy-security; urgency=medium
* SECURITY UPDATE: integer overflow vulnerability
- debian/patches/CVE-2022-33065/CVE-2022-33065-*.patch: fix various
numeric overflow vulnerabilities.
- CVE-2022-33065
-- Fabian Toepfer <email address hidden> Thu, 02 Nov 2023 16:42:46 +0100
Available diffs
libsndfile (1.2.2-1ubuntu0.23.10.1) mantic-security; urgency=medium
* SECURITY UPDATE: integer overflow vulnerability
- debian/patches/CVE-2022-33065/CVE-2022-33065-*.patch: fix various
numeric overflow vulnerabilities.
- CVE-2022-33065
-- Fabian Toepfer <email address hidden> Thu, 02 Nov 2023 16:34:14 +0100
Available diffs
libsndfile (1.2.0-1ubuntu0.1) lunar-security; urgency=medium
* SECURITY UPDATE: integer overflow vulnerability
- debian/patches/CVE-2022-33065/CVE-2022-33065-*.patch: fix various
numeric overflow vulnerabilities.
- CVE-2022-33065
-- Fabian Toepfer <email address hidden> Wed, 01 Nov 2023 16:55:33 +0100
Available diffs
| Superseded in noble-release |
| Published in mantic-release |
| Deleted in mantic-proposed (Reason: Moved to mantic) |
libsndfile (1.2.2-1) unstable; urgency=medium [ Dennis Braun ] * New upstream version 1.2.2 [ IOhannes m zmölnig (Debian/GNU) ] * Remove remaining build artifacts on 'clean' (Closes: #1046007) -- IOhannes m zmölnig (Debian/GNU) <email address hidden> Wed, 30 Aug 2023 14:34:05 +0200
Available diffs
- diff from 1.2.0-1 to 1.2.2-1 (13.4 KiB)
| Superseded in mantic-release |
| Published in lunar-release |
| Deleted in lunar-proposed (Reason: Moved to lunar) |
libsndfile (1.2.0-1) unstable; urgency=medium * Team upload * New upstream version 1.2.0 * Bump Standards-Version to 4.6.2 * Refresh patchset, drop patches applied by upstream -- Dennis Braun <email address hidden> Sat, 31 Dec 2022 15:51:23 +0100
Available diffs
libsndfile (1.1.0-3build1) lunar; urgency=medium * No-change rebuild against libflac12 -- Steve Langasek <email address hidden> Mon, 12 Dec 2022 20:27:41 +0000
Available diffs
- diff from 1.1.0-3 (in Debian) to 1.1.0-3build1 (532 bytes)
libsndfile (1.1.0-3) unstable; urgency=medium * Add patch to fix clipping of non-int32 numbers * Mark patches as applied upstream * Fix typo in d/changelog -- IOhannes m zmölnig (Debian/GNU) <email address hidden> Thu, 06 Oct 2022 10:47:11 +0200
Available diffs
| Superseded in lunar-release |
| Obsolete in kinetic-release |
| Published in jammy-release |
| Deleted in jammy-proposed (Reason: Moved to jammy) |
libsndfile (1.0.31-2build1) jammy; urgency=high * No change rebuild for ppc64el baseline bump. -- Julian Andres Klode <email address hidden> Thu, 24 Mar 2022 17:13:47 +0100
Available diffs
- diff from 1.0.31-2 (in Debian) to 1.0.31-2build1 (535 bytes)
libsndfile (1.0.31-1ubuntu1.1) hirsute-security; urgency=medium
* SECURITY UPDATE: heap buffer overflow in msadpcm_decode_block allows
arbitrary code execution via crafted WAV file.
- debian/patches/CVE-2021-3246.patch: upstream patch to src/ms_adpcm.c
to validate samples per block
- CVE-2021-3246
-- Alex Murray <email address hidden> Tue, 27 Jul 2021 16:22:54 +0930
Available diffs
libsndfile (1.0.28-7ubuntu0.1) focal-security; urgency=medium
* SECURITY UPDATE: heap buffer overflow in msadpcm_decode_block allows
arbitrary code execution via crafted WAV file.
- debian/patches/CVE-2021-3246.patch: upstream patch to src/ms_adpcm.c
to validate samples per block
- CVE-2021-3246
-- Alex Murray <email address hidden> Wed, 28 Jul 2021 10:22:09 +0930
Available diffs
libsndfile (1.0.28-4ubuntu0.18.04.2) bionic-security; urgency=medium
* SECURITY UPDATE: heap buffer overflow in msadpcm_decode_block allows
arbitrary code execution via crafted WAV file.
- debian/patches/CVE-2021-3246.patch: upstream patch to src/ms_adpcm.c
to validate samples per block
- CVE-2021-3246
-- Alex Murray <email address hidden> Wed, 28 Jul 2021 10:22:45 +0930
Available diffs
libsndfile (1.0.31-1ubuntu2) impish; urgency=medium
* SECURITY UPDATE: heap buffer overflow in msadpcm_decode_block allows
arbitrary code execution via crafted WAV file.
- debian/patches/CVE-2021-3246.patch: upstream patch to src/ms_adpcm.c
to validate samples per block
- CVE-2021-3246
-- Alex Murray <email address hidden> Mon, 26 Jul 2021 17:02:42 +0930
Available diffs
| Superseded in jammy-release |
| Obsolete in impish-release |
| Deleted in impish-proposed (Reason: Moved to impish) |
libsndfile (1.0.31-2) unstable; urgency=medium
* Team upload
[ IOhannes m zmölnig (Debian/GNU) ]
* Fix FTBFS with DEB_BUILD_OPTIONS=nocheck.
Thanks to Helmut Grohne <email address hidden> (Closes: #984746)
[ Sebastian Ramacher ]
* debian/patches: Apply upstream fix for CVE-2021-3246 (Closes: #991496)
-- Sebastian Ramacher <email address hidden> Mon, 26 Jul 2021 23:09:17 +0200
Available diffs
| Superseded in impish-release |
| Obsolete in hirsute-release |
| Deleted in hirsute-proposed (Reason: moved to Release) |
libsndfile (1.0.31-1ubuntu1) hirsute; urgency=medium
* debian/rules: forcefully enable tests (they are disabled by default on
riscv64 in Ubuntu) because libsndfile1-dev wants to install test binaries
(LP: #1917650)
-- Olivier Tilloy <email address hidden> Wed, 03 Mar 2021 17:53:18 +0100
Available diffs
- diff from 1.0.28-8 (in Debian) to 1.0.31-1ubuntu1 (976.0 KiB)
- diff from 1.0.31-1 (in Debian) to 1.0.31-1ubuntu1 (577 bytes)
libsndfile (1.0.31-1) unstable; urgency=medium
* New upstream version 1.0.31
* (LP: #1807823, #1807825, #1807826, #900332, #999994)
* (LP: #1036831, #1546685)
* Refresh patches
* Register documentation as markdown (aka: text) rather than html
-- IOhannes m zmölnig (Debian/GNU) <email address hidden> Fri, 29 Jan 2021 23:05:07 +0100
Available diffs
- diff from 1.0.30-1 to 1.0.31-1 (124.4 KiB)
libsndfile (1.0.25-10ubuntu0.16.04.3) xenial-security; urgency=medium
* SECURITY UPDATE: Heap-based buffer overflow
- debian/patches/CVE-2017-12562.patch: Size buffer correctly in
src/common.c to prevent buffer overflows.
- CVE-2017-12562
-- Avital Ostromich <email address hidden> Thu, 14 Jan 2021 19:46:45 -0500
Available diffs
libsndfile (1.0.30-1) unstable; urgency=medium
* New upstream version 1.0.30
* Drop patches applied upstream
* Refresh patches
* Fix more typos
* Re-arranged B-Ds alphabetically
* B-D on autogen, python3 & libopus-dev
* Have libsndfile-dev depend on libopus-dev
* Run upstream testsuite as autopkgtest
* Include test-suite in libsndfile1-dev
* Fix false-positive of salsa-pipeline "blhc"
* Update d/copyright to handle filerenames
* Updated d/watch to point to github
* Bump standards version to 4.5.1
-- IOhannes m zmölnig (Debian/GNU) <email address hidden> Mon, 11 Jan 2021 16:24:15 +0100
| Superseded in hirsute-release |
| Obsolete in groovy-release |
| Deleted in groovy-proposed (Reason: moved to Release) |
libsndfile (1.0.28-8) unstable; urgency=medium
* Team upload.
[ Simon McVittie ]
* examples: Decouple from config.h.
This allows them to be built standalone, without the rest of the
libsndfile source tree. This is useful because config.h is
architecture-dependent, preventing multi-arch co-installation.
* Mark libsndfile1-dev as Multi-Arch: same. (Closes: #960445; LP: #1720725)
* Add a superficial compile/link/execute autopkgtest for libsndfile1-dev.
[ Mattia Rizzolo ]
* d/control: Bump debhelper compat level to 13.
+ Add the .la file to d/not-installed.
* d/rules: Remove now obsolete --dbgsym-migration option.
-- Mattia Rizzolo <email address hidden> Mon, 25 May 2020 17:33:03 +0200
Available diffs
- diff from 1.0.28-7 to 1.0.28-8 (2.2 KiB)
| Superseded in groovy-release |
| Published in focal-release |
| Deleted in focal-proposed (Reason: moved to Release) |
libsndfile (1.0.28-7) unstable; urgency=medium
[ Ondřej Nový ]
* Use debhelper-compat instead of debian/compat
[ Debian Janitor ]
* Set upstream metadata fields:
Bug-Database, Repository, Repository-Browse, Bug-Submit.
[ IOhannes m zmölnig (Debian/GNU) ]
* Add salsa-ci configuration
* Bump standards version to 4.5.0
-- IOhannes m zmölnig (Debian/GNU) <email address hidden> Tue, 18 Feb 2020 10:59:43 +0100
Available diffs
- diff from 1.0.28-6 to 1.0.28-7 (923 bytes)
libsndfile (1.0.25-10ubuntu0.16.04.2) xenial-security; urgency=medium
* SECURITY UPDATE: multiple security issues
- debian/patches/*.patch: sync multiple security patches with 1.0.28-6.
- CVE-2017-6892, CVE-2017-14245, CVE-2017-14246, CVE-2017-14634,
CVE-2017-16942, CVE-2017-17456, CVE-2017-17457, CVE-2018-13139,
CVE-2018-19432, CVE-2018-19661, CVE-2018-19662, CVE-2018-19758,
CVE-2019-3832
-- Marc Deslauriers <email address hidden> Fri, 07 Jun 2019 14:35:20 -0400
Available diffs
libsndfile (1.0.28-4ubuntu0.18.04.1) bionic-security; urgency=medium
* SECURITY UPDATE: multiple security issues
- debian/patches/*.patch: sync multiple security patches with 1.0.28-6.
- CVE-2017-14245, CVE-2017-14246, CVE-2017-14634, CVE-2017-17456,
CVE-2017-17457, CVE-2018-13139, CVE-2018-19432, CVE-2018-19661,
CVE-2018-19662, CVE-2018-19758, CVE-2019-3832
-- Marc Deslauriers <email address hidden> Fri, 07 Jun 2019 14:06:41 -0400
Available diffs
libsndfile (1.0.28-4ubuntu0.18.10.1) cosmic-security; urgency=medium
* SECURITY UPDATE: multiple security issues
- debian/patches/*.patch: sync multiple security patches with 1.0.28-6.
- CVE-2017-14245, CVE-2017-14246, CVE-2017-14634, CVE-2017-17456,
CVE-2017-17457, CVE-2018-13139, CVE-2018-19432, CVE-2018-19661,
CVE-2018-19662, CVE-2018-19758, CVE-2019-3832
-- Marc Deslauriers <email address hidden> Fri, 07 Jun 2019 14:06:41 -0400
Available diffs
| Superseded in focal-release |
| Obsolete in eoan-release |
| Obsolete in disco-release |
| Deleted in disco-proposed (Reason: moved to release) |
libsndfile (1.0.28-6) unstable; urgency=medium * Backported fix for out-of-bound reading (CVE-2019-3832) (Closes: #922372) -- IOhannes m zmölnig (Debian/GNU) <email address hidden> Fri, 08 Mar 2019 20:35:07 +0100
Available diffs
- diff from 1.0.28-5 to 1.0.28-6 (1.5 KiB)
libsndfile (1.0.28-5) unstable; urgency=medium
[ Ondřej Nový ]
* d/control: Set Vcs-* to salsa.debian.org
* d/changelog: Remove trailing whitespaces
[ Felipe Sateler ]
* Change maintainer address to <email address hidden>
[ IOhannes m zmölnig (Debian/GNU) ]
* Normalize patches with 'gbp pq'
* Add patch to fix buffer overflows in alaw/ulaw code
(CVE-2018-19661, CVE-2018-19662, CVE-2017-17456 and CVE-2017-17457).
Thanks to Hugo Lefeuvre <email address hidden> (Closes: #884735)
* Patch to fix division by zero (CVE-2017-14634)
Thanks to Fabian Greffrath <email address hidden> (Closes: #876783)
* Patch to fix heap read overflow (CVE-2018-19758)
Thanks to Erik de Castro Lopo <email address hidden> (Closes: #917416)
* Patch to ensure that maxnum channels is not exceeded.
Thanks to Brett T. Warden <email address hidden>
* Declare that "root" is not required to build this package
* Removed whitespace at end of d/changelog
* Bumped dh compat to 12
* Bump standards version to 4.3.0
-- IOhannes m zmölnig (Debian/GNU) <email address hidden> Tue, 12 Feb 2019 15:59:58 +0100
Available diffs
- diff from 1.0.28-4 to 1.0.28-5 (6.8 KiB)
| Superseded in disco-release |
| Obsolete in cosmic-release |
| Published in bionic-release |
| Obsolete in artful-release |
| Deleted in artful-proposed (Reason: moved to release) |
libsndfile (1.0.28-4) unstable; urgency=medium * Moved maintainance to pkg-multimedia team * Made examples buildable (and build reproducible) * Dropped doubly installed docs * Dropped B-D on autotools-dev * Bumped standards version to 4.0.1 -- IOhannes m zmölnig (Debian/GNU) <email address hidden> Thu, 17 Aug 2017 14:21:33 +0200
Available diffs
- diff from 1.0.28-3 to 1.0.28-4 (1.2 KiB)
libsndfile (1.0.28-3) unstable; urgency=medium * Backported heap-overflow fix from upstream. -- IOhannes m zmölnig (Debian/GNU) <email address hidden> Wed, 12 Jul 2017 23:22:54 +0200
Available diffs
- diff from 1.0.28-2 to 1.0.28-3 (1.0 KiB)
libsndfile (1.0.28-2) unstable; urgency=medium * Backported fixes for RF64 support on armel/armhf (Closes: #865344) -- IOhannes m zmölnig (Debian/GNU) <email address hidden> Tue, 20 Jun 2017 21:35:50 +0200
Available diffs
- diff from 1.0.27-3 to 1.0.28-2 (90.5 KiB)
- diff from 1.0.28-1 to 1.0.28-2 (1.1 KiB)
libsndfile (1.0.28-1) unstable; urgency=medium
* New upstream version 1.0.28
* d/patches/
* Removed patches applied upstream
* Refreshed patches
* Backported patch for fixing CVE-2017-6892
(Closes: #864704)
* Fixed more typos
* d/control: single line per Depends
* Switched packaging to shorthand dh
* Build automatic debug packages
* Dropped setting of DEB_*_GNU_TYPE and friends
* Raised debhelper compat to 10
* Dropped B-D on dh-autoreconf
* B-D on autotools-dev
* Use DEP5 for d/copyright
* Bumped standards version to 4.0.0
*
-- IOhannes m zmölnig (Debian/GNU) <email address hidden> Tue, 20 Jun 2017 15:03:55 +0200
Available diffs
- diff from 1.0.27-3 to 1.0.28-1 (89.9 KiB)
libsndfile (1.0.25-7ubuntu2.2) trusty-security; urgency=medium
* SECURITY UPDATE: multiple security issues
- debian/patches/*: synchronize security fixes with Debian's
1.0.25-9.1+deb7u2 release. Thanks!
- CVE-2017-7585, CVE-2017-7586, CVE-2017-7741, CVE-2017-7742,
CVE-2017-8361, CVE-2017-8362, CVE-2017-8363, CVE-2017-8365
-- Marc Deslauriers <email address hidden> Wed, 31 May 2017 09:42:28 -0400
Available diffs
libsndfile (1.0.25-10ubuntu0.16.04.1) xenial-security; urgency=medium
* SECURITY UPDATE: multiple security issues
- debian/patches/*: synchronize security fixes with Debian's
1.0.25-9.1+deb7u2 release. Thanks!
- CVE-2017-7585, CVE-2017-7586, CVE-2017-7741, CVE-2017-7742,
CVE-2017-8361, CVE-2017-8362, CVE-2017-8363, CVE-2017-8365
-- Marc Deslauriers <email address hidden> Wed, 31 May 2017 09:38:37 -0400
Available diffs
libsndfile (1.0.25-10ubuntu0.16.10.1) yakkety-security; urgency=medium
* SECURITY UPDATE: multiple security issues
- debian/patches/*: synchronize security fixes with Debian's
1.0.25-9.1+deb7u2 release. Thanks!
- CVE-2017-7585, CVE-2017-7586, CVE-2017-7741, CVE-2017-7742,
CVE-2017-8361, CVE-2017-8362, CVE-2017-8363, CVE-2017-8365
-- Marc Deslauriers <email address hidden> Wed, 31 May 2017 09:38:37 -0400
Available diffs
libsndfile (1.0.27-1ubuntu0.1) zesty-security; urgency=medium
* SECURITY UPDATE: multiple security issues
- debian/patches/*: synchronize security fixes with Debian's 1.0.27-3
release. Thanks!
- CVE-2017-7585, CVE-2017-7586, CVE-2017-7741, CVE-2017-7742,
CVE-2017-8361, CVE-2017-8362, CVE-2017-8363, CVE-2017-8365
-- Marc Deslauriers <email address hidden> Wed, 31 May 2017 09:27:40 -0400
Available diffs
libsndfile (1.0.27-3) unstable; urgency=medium
* Mentioned CVEs fixed by fix_bufferoverflows.patch
(CVE-2017-7741, CVE-2017-7586, CVE-2017-7585)
* Backported patch for error handling of malicious/broken FLAC files
(CVE-2017-7742, CVE-2017-7741, CVE-2017-7585)
(Closes: #860255)
* Backported patch to fix buffer read overflow in FLAC code
(CVE-2017-8362)
(Closes: #862204)
* Backported patches to fix memory leaks in FLAC code
(CVE-2017-8363)
(Closes: #862203)
* Backported patch to fix buffer overruns in FLAC-code
(CVE-2017-8365, CVE-2017-8363, CVE-2017-8361)
(Closes: #862205, #862203, #862202)
* Added Vcs-* stanzas to d/control
-- IOhannes m zmölnig (Debian/GNU) <email address hidden> Sun, 28 May 2017 22:52:39 +0200
Available diffs
- diff from 1.0.27-2 to 1.0.27-3 (3.3 KiB)
libsndfile (1.0.27-2) unstable; urgency=medium
* Backported fixes for buffer-write overflows from 1.0.28.
Thanks to Erik de Castro Lopo
* Added myself to uploaders
-- IOhannes m zmölnig (Debian/GNU) <email address hidden> Tue, 04 Apr 2017 15:33:45 +0200
Available diffs
- diff from 1.0.27-1 to 1.0.27-2 (4.2 KiB)
| Superseded in artful-release |
| Obsolete in zesty-release |
| Deleted in zesty-proposed (Reason: moved to release) |
libsndfile (1.0.27-1) unstable; urgency=low
[ Erik de Castro Lopo ]
* debian/patches : Drop un-needed patches.
* debian/control : Standards version 3.9.8.
* debian/copyright : Fix typo.
* libsndfile1.symbols : Add new symbols.
* Drop man pages that are now in upstream package.
[ IOhannes m zmölnig ]
* debian/patches :
- Fix spelling errors.
* debian/rules :
- Drop deprecated inclusion of hardening-includes.
- Disable silent builds.
-- Erik de Castro Lopo <email address hidden> Wed, 5 Oct 2016 22:32:40 +0200
Available diffs
- diff from 1.0.25-10 to 1.0.27-1 (655.7 KiB)
libsndfile (1.0.25-9.1ubuntu0.15.04.1) vivid-security; urgency=medium
* SECURITY UPDATE: denial of service via division-by-zero
- debian/patches/CVE-2014-9756.patch: check bytes and items in
src/file_io.c.
- CVE-2014-9756
* SECURITY UPDATE: heap overflow via AIFF file headindex value
- debian/patches/CVE-2015-7805.patch: use headend in src/common.c.
- CVE-2015-7805
-- Marc Deslauriers <email address hidden> Mon, 07 Dec 2015 10:00:33 -0500
Available diffs
libsndfile (1.0.25-4ubuntu0.1) precise-security; urgency=medium
* SECURITY UPDATE: denial of service via segfault in SD2 RSRC parser
- debian/patches/01_sd2_rsrc_segfault.diff: check bounds in src/sd2.c.
* SECURITY UPDATE: denial of service via out-of-bounds read
- debian/patches/CVE-2014-9496.patch: check map offset and rsrc marker
in src/sd2.c.
- CVE-2014-9496
* SECURITY UPDATE: denial of service via division-by-zero
- debian/patches/CVE-2014-9756.patch: check bytes and items in
src/file_io.c.
- CVE-2014-9756
* SECURITY UPDATE: heap overflow via AIFF file headindex value
- debian/patches/CVE-2015-7805.patch: use headend in src/common.c.
- CVE-2015-7805
-- Marc Deslauriers <email address hidden> Mon, 07 Dec 2015 10:06:39 -0500
Available diffs
libsndfile (1.0.25-9.1ubuntu0.15.10.1) wily-security; urgency=medium
* SECURITY UPDATE: denial of service via division-by-zero
- debian/patches/CVE-2014-9756.patch: check bytes and items in
src/file_io.c.
- CVE-2014-9756
* SECURITY UPDATE: heap overflow via AIFF file headindex value
- debian/patches/CVE-2015-7805.patch: use headend in src/common.c.
- CVE-2015-7805
-- Marc Deslauriers <email address hidden> Mon, 07 Dec 2015 09:53:13 -0500
Available diffs
libsndfile (1.0.25-7ubuntu2.1) trusty-security; urgency=medium
* SECURITY UPDATE: denial of service via out-of-bounds read
- debian/patches/CVE-2014-9496.patch: check map offset and rsrc marker
in src/sd2.c.
- CVE-2014-9496
* SECURITY UPDATE: denial of service via division-by-zero
- debian/patches/CVE-2014-9756.patch: check bytes and items in
src/file_io.c.
- CVE-2014-9756
* SECURITY UPDATE: heap overflow via AIFF file headindex value
- debian/patches/CVE-2015-7805.patch: use headend in src/common.c.
- CVE-2015-7805
-- Marc Deslauriers <email address hidden> Mon, 07 Dec 2015 10:01:39 -0500
Available diffs
| Superseded in zesty-release |
| Obsolete in yakkety-release |
| Published in xenial-release |
| Deleted in xenial-proposed (Reason: moved to release) |
libsndfile (1.0.25-10) unstable; urgency=low
* debian/patches :
- Add 02_sd2_buffer_read_overflow.diff (CVE-2014-9496, closes: #774162).
- Add 03_file_io_divide_by_zero.diff (CVE-2014-9756, closes: #804447).
- Add 04_fix_aiff_heap_overflow.diff (CVE-2015-7805, closes: #804445).
* debian/control: Standards version 3.9.6. No changes needed.
-- Erik de Castro Lopo <email address hidden> Tue, 10 Nov 2015 20:36:47 +1100
Available diffs
- diff from 1.0.25-9.1 to 1.0.25-10 (3.3 KiB)
| Superseded in xenial-release |
| Obsolete in wily-release |
| Obsolete in vivid-release |
| Deleted in vivid-proposed (Reason: moved to release) |
libsndfile (1.0.25-9.1) unstable; urgency=high * Non-maintainer upload by the Security Team. * Fix CVE-2014-9496: buffer overread issues (closes: #774162). -- Michael Gilbert <email address hidden> Mon, 26 Jan 2015 01:32:01 +0000
Available diffs
- diff from 1.0.25-9 to 1.0.25-9.1 (960 bytes)
| Superseded in vivid-release |
| Obsolete in utopic-release |
| Deleted in utopic-proposed (Reason: moved to release) |
libsndfile (1.0.25-9) unstable; urgency=low * debian/rules: Switch from autotools-dev to dh-autoreconf. * debian/control Standards-Version 3.9.5. -- Erik de Castro Lopo <email address hidden> Wed, 29 Jan 2014 18:21:13 +1100
Available diffs
| Superseded in utopic-release |
| Published in trusty-release |
| Deleted in trusty-proposed (Reason: moved to release) |
libsndfile (1.0.25-7ubuntu2) trusty; urgency=medium * Build with dh-autoreconf for new libtool. -- William Grant <email address hidden> Sun, 15 Dec 2013 06:30:11 +0000
Available diffs
- diff from 1.0.25-7ubuntu1 to 1.0.25-7ubuntu2 (866 bytes)
| Superseded in trusty-release |
| Obsolete in saucy-release |
| Deleted in saucy-proposed (Reason: moved to release) |
libsndfile (1.0.25-7ubuntu1) saucy; urgency=low
* Update config.{guess,sub} for AArch64.
-- Matthias Klose <email address hidden> Tue, 13 Aug 2013 14:11:45 +0200
Available diffs
libsndfile (1.0.25-7) unstable; urgency=low
* debian/control debian/rules
Create -dbg versions of libsndfile1 and sndfile-programs binary packages.
-- Erik de Castro Lopo <email address hidden> Sat, 13 Jul 2013 18:48:35 +1000
Available diffs
- diff from 1.0.25-6 to 1.0.25-7 (1.1 KiB)
libsndfile (1.0.25-6) unstable; urgency=low * debian/patches/01_sd2_rsrc_segfault.diff : Patch from upstream git. * debian/rules : Remove cruft at end of ifeq line. * debian/control : Remove DM-Upload-Allowed which no longer works. -- Erik de Castro Lopo <email address hidden> Fri, 28 Jun 2013 17:39:23 +1000
Available diffs
- diff from 1.0.25-5 to 1.0.25-6 (2.8 KiB)
libsndfile (1.0.25-5) unstable; urgency=low * debian/libsndfile1-dev: Do not install libsndfile.la (Closes: #670420). * debian/control: Standards version 3.9.3. No changes needed. -- Erik de Castro Lopo <email address hidden> Mon, 18 Jun 2012 19:22:57 +1000
Available diffs
- diff from 1.0.25-4 to 1.0.25-5 (869 bytes)
libsndfile (1.0.25-4) unstable; urgency=low * Patch from Moritz Muehlenhoff enabling harden build flags (Closes: #654831). -- Erik de Castro Lopo <email address hidden> Fri, 6 Jan 2012 21:19:17 +1100
Available diffs
- diff from 1.0.25-3 to 1.0.25-4 (740 bytes)
libsndfile (1.0.25-3) unstable; urgency=low * Patch from Steve Langasek to enable multiarch (Closes: #637585). -- Erik de Castro Lopo <email address hidden> Sat, 13 Aug 2011 09:01:35 +1000
libsndfile (1.0.24-1ubuntu2) oneiric; urgency=low * Build for multiarch. LP: #825342. -- Steve Langasek <email address hidden> Fri, 12 Aug 2011 12:39:20 -0700
Available diffs
libsndfile (1.0.23-1ubuntu0.1) natty-security; urgency=low
* SECURITY UPDATE: integer overflow leading to heap-based overflow
- debian/CVE-2011-2696.patch: verify paf header length and paf channels
- CVE-2011-2696
-- Jamie Strandboge <email address hidden> Thu, 21 Jul 2011 15:32:10 -0500
Available diffs
libsndfile (1.0.21-2ubuntu0.10.10.1) maverick-security; urgency=low
* SECURITY UPDATE: integer overflow leading to heap-based overflow
- debian/CVE-2011-2696.patch: verify paf header length and paf channels
- CVE-2011-2696
-- Jamie Strandboge <email address hidden> Thu, 21 Jul 2011 15:33:45 -0500
Available diffs
libsndfile (1.0.21-2ubuntu0.10.04.1) lucid-security; urgency=low
* SECURITY UPDATE: integer overflow leading to heap-based overflow
- debian/CVE-2011-2696.patch: verify paf header length and paf channels
- CVE-2011-2696
-- Jamie Strandboge <email address hidden> Thu, 21 Jul 2011 15:33:45 -0500
Available diffs
| Superseded in oneiric-release |
libsndfile (1.0.24-1ubuntu1) oneiric; urgency=low
* SECURITY UPDATE: integer overflow leading to heap-based overflow
- debian/CVE-2011-2696.patch: verify paf header length and paf channels.
This can be dropped with 1.0.25.
- CVE-2011-2696
-- Jamie Strandboge <email address hidden> Thu, 21 Jul 2011 15:29:06 -0500
Available diffs
- diff from 1.0.24-1 to 1.0.24-1ubuntu1 (1.4 KiB)
libsndfile (1.0.24-1) unstable; urgency=low * New upstream. -- Ubuntu Archive Auto-Sync <email address hidden> Sat, 30 Apr 2011 13:10:34 +0000
Available diffs
- diff from 1.0.23-1build1 to 1.0.24-1 (255.4 KiB)
libsndfile (1.0.23-1build1) natty; urgency=low * No-change upload to reduce shipped changelogs. -- Martin Pitt <email address hidden> Fri, 03 Dec 2010 09:13:26 +0100
Available diffs
- diff from 1.0.23-1 to 1.0.23-1build1 (351 bytes)
libsndfile (1.0.23-1) unstable; urgency=low * New upstream (Closes: #599145, #545257).
Available diffs
- diff from 1.0.21-2 to 1.0.23-1 (82.1 KiB)
libsndfile (1.0.21-2) unstable; urgency=low * Patch configure.ac to generate symbols file for kfreebsd (Closes: 561086). * debian/control : Add build-dep on autoconf and automake (for autoreconf). * debian/rules : Run autoreconf before configure.
Available diffs
- diff from 1.0.20-3 to 1.0.21-2 (378.6 KiB)
libsndfile (1.0.20-3) unstable; urgency=low
* debian/rules :
- Man pages belong to sndfile-programs. (Closes: #549972).
- Make sure that test suite failures are not ignored.
Available diffs
- diff from 1.0.20-1ubuntu1 to 1.0.20-3 (6.3 KiB)
libsndfile (1.0.17-4ubuntu0.8.04.2) hardy-security; urgency=low
* SECURITY UPDATE: fix heap overflows when processing crafted VOC and AIFF
headers
- debian/patches/security_CVE-2009-1788+1791.dpatch: adjust
voc_read_header() in voc.c to verify the user controlled size before
using psf_binheader_readf(). Do the same for aiff_read_header() in
aiff.c for pstr_len.
- CVE-2009-1788
- CVE-2009-1791
-- Jamie Strandboge <email address hidden> Wed, 07 Oct 2009 15:46:58 -0500
Available diffs
libsndfile (1.0.17-4ubuntu0.8.10.2) intrepid-security; urgency=low
* SECURITY UPDATE: fix heap overflows when processing crafted VOC and AIFF
headers
- debian/patches/security_CVE-2009-1788+1791.dpatch: adjust
voc_read_header() in voc.c to verify the user controlled size before
using psf_binheader_readf(). Do the same for aiff_read_header() in
aiff.c for pstr_len.
- CVE-2009-1788
- CVE-2009-1791
-- Jamie Strandboge <email address hidden> Wed, 07 Oct 2009 15:42:23 -0500
Available diffs
libsndfile (1.0.17-4ubuntu1.1) jaunty-security; urgency=low
* SECURITY UPDATE: fix heap overflows when processing crafted VOC and AIFF
headers
- debian/patches/security_CVE-2009-1788+1791.dpatch: adjust
voc_read_header() in voc.c to verify the user controlled size before
using psf_binheader_readf(). Do the same for aiff_read_header() in
aiff.c for pstr_len.
- CVE-2009-1788
- CVE-2009-1791
-- Jamie Strandboge <email address hidden> Wed, 07 Oct 2009 15:24:35 -0500
Available diffs
libsndfile (1.0.20-1ubuntu1) karmic; urgency=low * debian/rules: Clear the dependency_libs field in .la files. -- Luke Yelavich <email address hidden> Mon, 03 Aug 2009 18:25:23 +0100
Available diffs
- diff from 1.0.20-1 to 1.0.20-1ubuntu1 (748 bytes)
libsndfile (1.0.20-1) unstable; urgency=low * New upstream release. * Fixes potential heap overflows on VOC and AIFF files, closes: #528650.
Available diffs
- diff from 1.0.17-4ubuntu1 to 1.0.20-1 (879.9 KiB)
libsndfile (1.0.17-4ubuntu1) jaunty; urgency=low
* SECURITY UPDATE: integer overflow via crafted description chunks in CAF
audio files
- debian/patches/security_CVE-2009-0186.dpatch: make sure
desc.channels_per_frame is sane in src/caf.c.
- CVE-2009-0186
-- Marc Deslauriers <email address hidden> Fri, 27 Mar 2009 10:37:32 -0400
Available diffs
- diff from 1.0.17-4 to 1.0.17-4ubuntu1 (1.2 KiB)
libsndfile (1.0.17-4ubuntu0.8.10.1) intrepid-security; urgency=low
* SECURITY UPDATE: integer overflow via crafted description chunks in CAF
audio files
- debian/patches/security_CVE-2009-0186.dpatch: make sure
desc.channels_per_frame is sane in src/caf.c.
- CVE-2009-0186
-- Marc Deslauriers <email address hidden> Fri, 27 Mar 2009 10:55:13 -0400
Available diffs
libsndfile (1.0.17-4ubuntu0.8.04.1) hardy-security; urgency=low
* SECURITY UPDATE: integer overflow via crafted description chunks in CAF
audio files
- debian/patches/security_CVE-2009-0186.dpatch: make sure
desc.channels_per_frame is sane in src/caf.c.
- CVE-2009-0186
-- Marc Deslauriers <email address hidden> Fri, 27 Mar 2009 11:04:20 -0400
Available diffs
libsndfile (1.0.17-4ubuntu0.7.10.1) gutsy-security; urgency=low
* SECURITY UPDATE: integer overflow via crafted description chunks in CAF
audio files
- debian/patches/security_CVE-2009-0186.dpatch: make sure
desc.channels_per_frame is sane in src/caf.c.
- CVE-2009-0186
-- Marc Deslauriers <email address hidden> Fri, 27 Mar 2009 11:06:30 -0400
Available diffs
libsndfile (1.0.12-3ubuntu1.1) dapper-security; urgency=low
* SECURITY UPDATE: integer overflow via crafted description chunks in CAF
audio files
- src/caf.c: make sure desc.channels_per_frame is sane.
- http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile_1.0.17-4+lenny1.diff.gz
- CVE-2009-0186
-- Marc Deslauriers <email address hidden> Fri, 27 Mar 2009 11:10:47 -0400
Available diffs
| 1 → 75 of 87 results | First • Previous • Next • Last |
