-
wavpack (5.1.0-4ubuntu0.2) cosmic-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2019-11498.patch: make sure sample rate variable
is specified and non-zero in DFF files in cli/dsdiff.c.
- CVE-2019-11498
-- <email address hidden> (Leonidas S. Barbosa) Mon, 29 Apr 2019 11:42:32 -0300
-
wavpack (5.1.0-4ubuntu0.1) cosmic-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-19840.patch: checking
if sample_rate is not zero in src/pack_utils.c.
- CVE-2018-19840
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-19841.patch: fix in
src/open_utils.c.
-- <email address hidden> (Leonidas S. Barbosa) Thu, 06 Dec 2018 08:57:02 -0300
-
wavpack (5.1.0-4) unstable; urgency=medium
* debian/control:
- Remove old Pre-Depends.
- Add myself to Uploaders.
- Bump Standards-Version.
* debian/copyright: Convert to CF-1.0.
* debian/:
- Convert to dh.
- Bump debhelper compat level to 11.
* debian/watch: Update to version 4.
* debian/rules: Build with all hardening options enabled.
-- Sebastian Ramacher <email address hidden> Sat, 28 Jul 2018 17:53:07 +0200
-
wavpack (5.1.0-3) unstable; urgency=medium
[ Ondřej Nový ]
* d/control: Set Vcs-* to salsa.debian.org
* d/rules: Remove trailing whitespaces
[ Felipe Sateler ]
* Change maintainer address to <email address hidden>
[ Sebastian Ramacher ]
* debian/control: Bump Standards-Version.
* debian/patches:
- Cherry-pick upstream patches for multiple CVEs (CVE-2018-7254,
CVE-2018-7253, CVE-2018-6767, CVE-2018-10540, CVE-2018-10539,
CVE-2018-10538, CVE-2018-10537, CVE-2018-10536). (Closes: #889274,
#889276, #889559, #897271)
- Fix a memory leak.
-- Sebastian Ramacher <email address hidden> Tue, 01 May 2018 09:52:12 +0200
-
wavpack (5.1.0-2ubuntu1.1) bionic-security; urgency=medium
* SECURITY UPDATE: Writing to memory vulnerability in wav64 and riff
- debian/patches/CVE-2018-10536-and-10537.patch: fixing in cli/riff.c,
cli/wave64.c.
- CVE-2018-10536
- CVE-2018-10537
* SECURITY UPDATE: Out-of-bounds writes in riff, DSDiff and W64
- debian/patches/CVE-2018-10538-and-10539-and-10540.patch: sanitize
size of unknown chunks before malloc in cli/dsdiff.c, cli/riff.c,
cli/wave64.c.
- CVE-2018-10538
- CVE-2018-10539
- CVE-2018-10540
-- <email address hidden> (Leonidas S. Barbosa) Mon, 30 Apr 2018 15:53:18 -0300
-
wavpack (5.1.0-2ubuntu1) bionic; urgency=medium
* SECURITY UPDATE: stack-based buffer overr-read
- debian/patches/CVE-2018-6767.patch: do not overwrite
stack on corrupt RF64 file in cli/riff.c.
- CVE-2018-6767
* SECURITY UPDATE: Maliciously crafted DSDIFF can result
in a denial of service
- debian/patches/CVE-2018-7253.patch: do not overwrite
heap on corrupt DSDIFF file in cli/dsdiff.c
- CVE-2018-7253
* SECURITY UPDATE: Denial of service through maliciously
crafted CAF file
- debian/patches/CVE-2018-7254.patch: fix buffer overflows
and bad allocs in cli/caff.c.
- CVE-2018-7254
-- <email address hidden> (Leonidas S. Barbosa) Thu, 22 Feb 2018 12:13:50 -0300
