-
wavpack (5.1.0-5ubuntu0.2) disco-security; urgency=medium
* debian/0009-issue-41-make-sure-DFF-does-not*.patch: make sure
DFF chunk does not have negative length.
* debian/patches/0010-issue-43-catch-zero*.patch: catch zero
channel count in DSF and DSDIFF files.
* SECURITY UPDATE: Crash due a divide by zero
- debian/patches/CVE-2019-1010315.patch: make sure DSDIFF files
have a valid channel count in cli/dsdiff.c.
- CVE-2019-1010315
* SECURITY UPDATE: Crashes and segfaults
- debian/patches/CVE-2019-1010317.patch: make sure CAF files
have a "desc" chunk in cli/caff.c.
- CVE-2019-1010317
* SECURITY UPDATE: Crashes and segfaults
- debian/patches/CVE-2019-1010318.patch: make sure sample rate is
specified and non-zero in DFF files in cli/dsdiff.c.
- CVE-2019-1010318
* SECURITY UPDATE: Crashes and segfaults
- debian/patches/CVE-2019-1010319.patch: clear WaveHeader at start
to prevent uninitialized read in cli/wave64.c.
- CVE-2019-1010319
-- <email address hidden> (Leonidas S. Barbosa) Mon, 15 Jul 2019 15:45:37 -0300
-
wavpack (5.1.0-5ubuntu0.1) disco-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2019-11498.patch: make sure sample rate variable
is specified and non-zero in DFF files in cli/dsdiff.c.
- CVE-2019-11498
-- <email address hidden> (Leonidas S. Barbosa) Mon, 29 Apr 2019 11:39:34 -0300
-
wavpack (5.1.0-5) unstable; urgency=medium
* debian/control: Bump Standards-Version.
* debian/patches: Cherry-pick upstream patches for multiple CVEs
(CVE-2018-19840, CVE-2018-19841). (Closes: #915564, #915565)
-- Sebastian Ramacher <email address hidden> Wed, 05 Dec 2018 09:43:52 +0100
-
wavpack (5.1.0-4) unstable; urgency=medium
* debian/control:
- Remove old Pre-Depends.
- Add myself to Uploaders.
- Bump Standards-Version.
* debian/copyright: Convert to CF-1.0.
* debian/:
- Convert to dh.
- Bump debhelper compat level to 11.
* debian/watch: Update to version 4.
* debian/rules: Build with all hardening options enabled.
-- Sebastian Ramacher <email address hidden> Sat, 28 Jul 2018 17:53:07 +0200