tag 857651 pending
thanks

Hello,

Bug #857651 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

    http://anonscm.debian.org/git/pkg-multimedia/audiofile.git/commit/?id=242f019

---
commit 242f0192363e1c3148116d58942ad2624a311425
Author: Salvatore Bonaccorso <car...@debian.org>
Date:   Sat Mar 18 19:28:56 2017 +0100

    Import Debian changes 0.3.6-2+deb8u2
    
    audiofile (0.3.6-2+deb8u2) jessie-security; urgency=high
    
      * Non-maintainer upload by the Security Team.
      * Address several vulnerabilities (Closes: #857651)
        - Always check the number of coefficients (CVE-2017-6827 CVE-2017-6828
          CVE-2017-6832 CVE-2017-6833 CVE-2017-6835 CVE-2017-6837)
        - clamp index values to fix index overflow in IMA.cpp (CVE-2017-6829)
        - Check for multiplication overflow in sfconvert (CVE-2017-6830
          CVE-2017-6834 CVE-2017-6836 CVE-2017-6838)
        - Actually fail when error occurs in parseFormat (CVE-2017-6831)
        - Check for multiplication overflow in MSADPCM decodeSample
          (CVE-2017-6839)
      * Fix signature of multiplyCheckOverflow. It returns a bool, not an int
      * Check for division by zero in BlockCodec::runPull

diff --git a/debian/changelog b/debian/changelog
index 9f9f1f2..9819ae1 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,20 @@
+audiofile (0.3.6-2+deb8u2) jessie-security; urgency=high
+
+  * Non-maintainer upload by the Security Team.
+  * Address several vulnerabilities (Closes: #857651)
+    - Always check the number of coefficients (CVE-2017-6827 CVE-2017-6828
+      CVE-2017-6832 CVE-2017-6833 CVE-2017-6835 CVE-2017-6837)
+    - clamp index values to fix index overflow in IMA.cpp (CVE-2017-6829)
+    - Check for multiplication overflow in sfconvert (CVE-2017-6830
+      CVE-2017-6834 CVE-2017-6836 CVE-2017-6838)
+    - Actually fail when error occurs in parseFormat (CVE-2017-6831)
+    - Check for multiplication overflow in MSADPCM decodeSample
+      (CVE-2017-6839)
+  * Fix signature of multiplyCheckOverflow. It returns a bool, not an int
+  * Check for division by zero in BlockCodec::runPull
+
+ -- Salvatore Bonaccorso <car...@debian.org>  Sat, 18 Mar 2017 19:28:56 +0100
+
 audiofile (0.3.6-2+deb8u1) jessie; urgency=high
 
   * Team upload.
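
Review bot: the last two added bullets ("Fix signature of multiplyCheckOverflow" and "Check for division by zero in BlockCodec::runPull") carry no CVE id or bug reference, unlike every item nested under "Address several vulnerabilities", so a reader of the changelog cannot tell whether they are security fixes in their own right or follow-ups to the overflow checks listed above. Consider stating which, and naming the patch file behind each item, since this hunk touches only debian/changelog and none of the code changes can be matched to these lines.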
