Change logs for wavpack source package in Bionic

  • wavpack (5.1.0-2ubuntu1.5) bionic-security; urgency=medium
    
      * SECURITY UPDATE: Out-of-bounds write
        - debian/patches/CVE-2020-35738.patch: checks bounds
          in order to avoid/fix integer overflows resulting in buffer
          overruns in src/pack_utils.c.
        - CVE-2020-35738
    
     -- Leonidas Da Silva Barbosa <email address hidden>  Tue, 05 Jan 2021 10:32:02 -0300
  • wavpack (5.1.0-2ubuntu1.4) bionic-security; urgency=medium
    
      * debian/0009-issue-41-make-sure-DFF-does-not*.patch: make sure
        DFF chunk does not have negative length.
      * debian/patches/0010-issue-43-catch-zero*.patch: catch zero
        channel count in DSF and DSDIFF files.
      * SECURITY UPDATE: Crash due to a divide by zero
        - debian/patches/CVE-2019-1010315.patch: make sure DSDIFF files
          have a valid channel count in cli/dsdiff.c.
        - CVE-2019-1010315
      * SECURITY UPDATE: Crashes and segfaults
        - debian/patches/CVE-2019-1010317.patch: make sure CAF files
          have a "desc" chunk in cli/caff.c.
        - CVE-2019-1010317
      * SECURITY UPDATE: Crashes and segfaults
        - debian/patches/CVE-2019-1010318.patch: make sure sample rate is
          specified and non-zero in DFF files in cli/dsdiff.c.
        - CVE-2019-1010318
      * SECURITY UPDATE: Crashes and segfaults
        - debian/patches/CVE-2019-1010319.patch: clear WaveHeader at start
          to prevent uninitialized read in cli/wave64.c.
        - CVE-2019-1010319
    
     -- <email address hidden> (Leonidas S. Barbosa)  Tue, 16 Jul 2019 09:04:50 -0300
  • wavpack (5.1.0-2ubuntu1.3) bionic-security; urgency=medium
    
      * SECURITY UPDATE: Denial of service
        - debian/patches/CVE-2019-11498.patch: make sure sample rate variable
          is specified and non-zero in DFF files in cli/dsdiff.c.
        - CVE-2019-11498
    
     -- <email address hidden> (Leonidas S. Barbosa)  Mon, 29 Apr 2019 11:43:20 -0300
  • wavpack (5.1.0-2ubuntu1.2) bionic-security; urgency=medium
    
      * SECURITY UPDATE: Denial of service
        - debian/patches/CVE-2018-19840.patch: checking
          if sample_rate is not zero in src/pack_utils.c.
        - CVE-2018-19840
      * SECURITY UPDATE: Denial of service
        - debian/patches/CVE-2018-19841.patch: fix in
          src/open_utils.c.
    
     -- <email address hidden> (Leonidas S. Barbosa)  Thu, 06 Dec 2018 08:47:38 -0300
  • wavpack (5.1.0-2ubuntu1.1) bionic-security; urgency=medium
    
      * SECURITY UPDATE: Writing to memory vulnerability in wav64 and riff
        - debian/patches/CVE-2018-10536-and-10537.patch: fixing in cli/riff.c,
          cli/wave64.c.
        - CVE-2018-10536
        - CVE-2018-10537
      * SECURITY UPDATE: Out-of-bounds writes in riff, DSDiff and W64
        - debian/patches/CVE-2018-10538-and-10539-and-10540.patch: sanitize
          size of unknown chunks before malloc in cli/dsdiff.c, cli/riff.c,
          cli/wave64.c.
        - CVE-2018-10538
        - CVE-2018-10539
        - CVE-2018-10540
    
     -- <email address hidden> (Leonidas S. Barbosa)  Mon, 30 Apr 2018 15:53:18 -0300
  • wavpack (5.1.0-2ubuntu1) bionic; urgency=medium
    
      * SECURITY UPDATE: stack-based buffer over-read
        - debian/patches/CVE-2018-6767.patch: do not overwrite
          stack on corrupt RF64 file in cli/riff.c.
        - CVE-2018-6767
      * SECURITY UPDATE: Maliciously crafted DSDIFF can result
        in a denial of service
        - debian/patches/CVE-2018-7253.patch: do not overwrite
          heap on corrupt DSDIFF file in cli/dsdiff.c
        - CVE-2018-7253
      * SECURITY UPDATE: Denial of service through maliciously
        crafted CAF file
        - debian/patches/CVE-2018-7254.patch: fix buffer overflows
          and bad allocs in cli/caff.c.
        - CVE-2018-7254
    
     -- <email address hidden> (Leonidas S. Barbosa)  Thu, 22 Feb 2018 12:13:50 -0300
  • wavpack (5.1.0-2) unstable; urgency=medium
    
      * Bump Standards-Version to 4.0.0.
      * Drop myself from Uploaders.
    
     -- Loïc Minier <email address hidden>  Sun, 09 Jul 2017 21:32:49 +0200