Ubuntu
wavpack package

Change logs for wavpack source package in Disco

  1. Disco (19.04)
  2. Change log 
  • wavpack (5.1.0-5ubuntu0.2) disco-security; urgency=medium

  * debian/0009-issue-41-make-sure-DFF-does-not*.patch: make sure
    DFF chunk does not have negative length.
  * debian/patches/0010-issue-43-catch-zero*.patch: catch zero
    channel count in DSF and DSDIFF files.
  * SECURITY UPDATE: Crash due a divide by zero
    - debian/patches/CVE-2019-1010315.patch: make sure DSDIFF files
      have a valid channel count in cli/dsdiff.c.
    - CVE-2019-1010315
  * SECURITY UPDATE: Crashes and segfaults
    - debian/patches/CVE-2019-1010317.patch: make sure CAF files
      have a "desc" chunk in cli/caff.c.
    - CVE-2019-1010317
  * SECURITY UPDATE: Crashes and segfaults
    - debian/patches/CVE-2019-1010318.patch: make sure sample rate is
      specified and non-zero in DFF files in cli/dsdiff.c.
    - CVE-2019-1010318
  * SECURITY UPDATE: Crashes and segfaults
    - debian/patches/CVE-2019-1010319.patch: clear WaveHeader at start
      to prevent uninitialized read in cli/wave64.c.
    - CVE-2019-1010319

 -- <email address hidden> (Leonidas S. Barbosa)  Mon, 15 Jul 2019 15:45:37 -0300
  • wavpack (5.1.0-5ubuntu0.1) disco-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-11498.patch: make sure sample rate variable
      is specified and non-zero in DFF files in cli/dsdiff.c.
    - CVE-2019-11498

 -- <email address hidden> (Leonidas S. Barbosa)  Mon, 29 Apr 2019 11:39:34 -0300
  • wavpack (5.1.0-5) unstable; urgency=medium

  * debian/control: Bump Standards-Version.
  * debian/patches: Cherry-pick upstream patches for multiple CVEs
    (CVE-2018-19840, CVE-2018-19841). (Closes: #915564, #915565)

 -- Sebastian Ramacher <email address hidden>  Wed, 05 Dec 2018 09:43:52 +0100
  • wavpack (5.1.0-4) unstable; urgency=medium

  * debian/control:
    - Remove old Pre-Depends.
    - Add myself to Uploaders.
    - Bump Standards-Version.
  * debian/copyright: Convert to CF-1.0.
  * debian/:
    - Convert to dh.
    - Bump debhelper compat level to 11.
  * debian/watch: Update to version 4.
  * debian/rules: Build with all hardening options enabled.

 -- Sebastian Ramacher <email address hidden>  Sat, 28 Jul 2018 17:53:07 +0200