On Wed, May 31, 2017 at 07:22:35PM +0200, Moritz Muehlenhoff wrote:
> On Wed, Apr 12, 2017 at 08:42:59PM +1000, Erik de Castro Lopo wrote:
> > Salvatore Bonaccorso wrote:
> >
> > > Source: libsamplerate
> > > Version: 0.1.8-8
> > > Severity: important
> > > Tags: security upstream
> > >
> > > Hi,
> > >
> > > the following vulnerability was published for libsamplerate.
> > >
> > > CVE-2017-7697[0]:
> > > | In libsamplerate before 0.1.9, a buffer over-read occurs in the
> > > | calc_output_single function in src_sinc.c via a crafted audio file.
> > >
> > > If you fix the vulnerability please also make sure to include the
> > > CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> >
> > This bug was reported within the last 24 hours, but was fixed over
> > 6 months ago and released as part of version 0.1.9.
> >
> > Obviously, I cannot go back and retroactively update the changelog.
>
> What's the status, can we fix that in testing/sid?

*ping*

Cheers,
Moritz