On Wed, Apr 12, 2017 at 08:42:59PM +1000, Erik de Castro Lopo wrote:
> Salvatore Bonaccorso wrote:
>
> > Source: libsamplerate
> > Version: 0.1.8-8
> > Severity: important
> > Tags: security upstream
> >
> > Hi,
> >
> > the following vulnerability was published for libsamplerate.
> >
> > CVE-2017-7697[0]:
> > | In libsamplerate before 0.1.9, a buffer over-read occurs in the
> > | calc_output_single function in src_sinc.c via a crafted audio file.
> >
> > If you fix the vulnerability please also make sure to include the
> > CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> This bug was reported within the last 24 hours, but was fixed over
> 6 months ago and released as part of version 0.1.9.
>
> Obviously, I cannot go back and retroactively update the changelog.

What's the status, can we fix that in testing/sid?

Cheers,
Moritz