Hi Erik,

On Wed, Apr 12, 2017 at 08:42:59PM +1000, Erik de Castro Lopo wrote:
> Salvatore Bonaccorso wrote:
>
> > Source: libsamplerate
> > Version: 0.1.8-8
> > Severity: important
> > Tags: security upstream
> >
> > Hi,
> >
> > the following vulnerability was published for libsamplerate.
> >
> > CVE-2017-7697[0]:
> > | In libsamplerate before 0.1.9, a buffer over-read occurs in the
> > | calc_output_single function in src_sinc.c via a crafted audio file.
> >
> > If you fix the vulnerability please also make sure to include the
> > CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> This bug was reported within the last 24 hours, but was fixed over
> 6 months ago and released as part of version 0.1.9.
>
> Obviously, I cannot go back and retroactively update the changelog.

I see! I meant in the debian/changelog :-). The bug is still present in
0.1.8-8 in the Debian package.

Regards,
Salvatore
