libsndfile - Debian Package Tracker

general

source: libsndfile (main)
version: 1.2.2-1
maintainer: Debian Multimedia Maintainers (archive) (DMD)
uploaders: IOhannes m zmölnig (Debian/GNU) [DMD]
arch: any
std-ver: 4.6.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.0.28-6+deb10u1
o-o-sec: 1.0.28-6+deb10u2
oldstable: 1.0.31-2
stable: 1.2.0-1
testing: 1.2.2-1
unstable: 1.2.2-1

versioned links

1.0.28-6+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.0.28-6+deb10u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.0.31-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.2.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.2.2-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libsndfile1 (2 bugs: 0, 2, 0, 0)
libsndfile1-dev (1 bugs: 0, 1, 0, 0)
sndfile-programs

action needed

4 security issues in trixie high

There are 4 open security issues in trixie.

4 important issues:

CVE-2022-33064: An off-by-one error in function wav_read_header in src/wav.c in Libsndfile 1.1.0, results in a write out of bound, which allows an attacker to execute arbitrary code, Denial of Service or other unspecified impacts.
CVE-2022-33065: Multiple signed integers overflow in function au_read_header in src/au.c and in functions mat4_open and mat4_read_header in src/mat4.c in Libsndfile, allows an attacker to cause Denial of Service or other unspecified impacts.
CVE-2024-50612: libsndfile through 1.2.2 has an ogg_vorbis.c vorbis_analysis_wrote out-of-bounds read.
CVE-2024-50613: libsndfile through 1.2.2 has a reachable assertion, that may lead to application exit, in mpeg_l3_encode.c mpeg_l3_encoder_close.

Created: 2023-07-22 Last update: 2024-11-20 21:00

4 security issues in sid high

There are 4 open security issues in sid.

4 important issues:

CVE-2022-33064: An off-by-one error in function wav_read_header in src/wav.c in Libsndfile 1.1.0, results in a write out of bound, which allows an attacker to execute arbitrary code, Denial of Service or other unspecified impacts.
CVE-2022-33065: Multiple signed integers overflow in function au_read_header in src/au.c and in functions mat4_open and mat4_read_header in src/mat4.c in Libsndfile, allows an attacker to cause Denial of Service or other unspecified impacts.
CVE-2024-50612: libsndfile through 1.2.2 has an ogg_vorbis.c vorbis_analysis_wrote out-of-bounds read.
CVE-2024-50613: libsndfile through 1.2.2 has a reachable assertion, that may lead to application exit, in mpeg_l3_encode.c mpeg_l3_encoder_close.

Created: 2023-07-22 Last update: 2024-11-20 21:00

lintian reports 2 warnings high

Lintian reports 2 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2024-02-29 Last update: 2024-11-16 02:03

debian/patches: 1 patch with invalid metadata high

Among the 1 debian patch available in version 1.2.2-1 of the package, we noticed the following issues:

1 patch with invalid metadata that ought to be fixed.

Created: 2023-02-26 Last update: 2023-08-31 10:00

Depends on packages which need a new maintainer normal

The packages that libsndfile depends on which need a new maintainer are:

autogen (#1010062)
- Build-Depends: autogen

Created: 2022-04-23 Last update: 2024-11-21 06:33

3 new commits since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit bbb585e8eb77b8df831d33f25719752339078188
Author: Dylan Aïssi <daissi@debian.org>
Date:   Wed Jul 3 18:06:45 2024 +0200

    Bump standards version to 4.7.0

commit a98d79aad098f4c36cadef9ee31f0e965211453c
Author: Dylan Aïssi <daissi@debian.org>
Date:   Wed Jul 3 17:59:55 2024 +0200

    fix_typos.patch: fix DEP3 header

commit e5fa46d5c7f75a9fe1dd0130ce74e4297f42d6b4
Author: Dylan Aïssi <daissi@debian.org>
Date:   Wed Jul 3 17:55:39 2024 +0200

    Switch from pkg-config to pkgconf in Build-Depends and Recommends

Created: 2024-07-03 Last update: 2024-11-16 20:05

4 low-priority security issues in bookworm low

There are 4 open security issues in bookworm.

4 issues left for the package maintainer to handle:

CVE-2022-33064: (postponed; to be fixed through a stable update) An off-by-one error in function wav_read_header in src/wav.c in Libsndfile 1.1.0, results in a write out of bound, which allows an attacker to execute arbitrary code, Denial of Service or other unspecified impacts.
CVE-2022-33065: (needs triaging) Multiple signed integers overflow in function au_read_header in src/au.c and in functions mat4_open and mat4_read_header in src/mat4.c in Libsndfile, allows an attacker to cause Denial of Service or other unspecified impacts.
CVE-2024-50612: (postponed; to be fixed through a stable update) libsndfile through 1.2.2 has an ogg_vorbis.c vorbis_analysis_wrote out-of-bounds read.
CVE-2024-50613: (postponed; to be fixed through a stable update) libsndfile through 1.2.2 has a reachable assertion, that may lead to application exit, in mpeg_l3_encode.c mpeg_l3_encoder_close.

You can find information about how to handle these issues in the security team's documentation.

Created: 2023-07-22 Last update: 2024-11-20 21:00

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2021-01-12 Last update: 2021-01-12 00:05

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.0 instead of 4.6.2).

Created: 2024-04-07 Last update: 2024-04-07 13:15

news

[rss feed]

[2023-09-02] libsndfile 1.2.2-1 MIGRATED to testing (Debian testing watch)
[2023-08-30] Accepted libsndfile 1.2.2-1 (source) into unstable (IOhannes m zmölnig (Debian/GNU)) (signed by: IOhannes m zmölnig)
[2023-01-03] libsndfile 1.2.0-1 MIGRATED to testing (Debian testing watch)
[2022-12-31] Accepted libsndfile 1.2.0-1 (source) into unstable (Dennis Braun)
[2022-10-08] libsndfile 1.1.0-3 MIGRATED to testing (Debian testing watch)
[2022-10-06] Accepted libsndfile 1.1.0-3 (source) into unstable (IOhannes m zmölnig (Debian/GNU)) (signed by: IOhannes m zmölnig)
[2022-09-29] Accepted libsndfile 1.0.28-6+deb10u2 (source) into oldstable (Thorsten Alteholz)
[2022-09-10] libsndfile 1.1.0-2 MIGRATED to testing (Debian testing watch)
[2022-09-10] libsndfile 1.1.0-2 MIGRATED to testing (Debian testing watch)
[2022-09-08] Accepted libsndfile 1.1.0-2 (source) into unstable (IOhannes m zmölnig (Debian/GNU)) (signed by: IOhannes m zmölnig)
[2022-09-06] Accepted libsndfile 1.1.0-1 (source) into unstable (IOhannes m zmölnig (Debian/GNU)) (signed by: IOhannes m zmölnig)
[2022-06-26] Accepted libsndfile 1.0.27-3+deb9u3 (source amd64) into oldoldstable (Thorsten Alteholz)
[2021-08-01] libsndfile 1.0.31-2 MIGRATED to testing (Debian testing watch)
[2021-07-31] Accepted libsndfile 1.0.28-6+deb10u1 (source amd64) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Moritz Mühlenhoff)
[2021-07-30] Accepted libsndfile 1.0.28-6+deb10u1 (source amd64) into stable->embargoed, stable (Debian FTP Masters) (signed by: Moritz Mühlenhoff)
[2021-07-29] Accepted libsndfile 1.0.27-3+deb9u2 (source amd64) into oldstable (Thorsten Alteholz)
[2021-07-26] Accepted libsndfile 1.0.31-2 (source) into unstable (Sebastian Ramacher)
[2021-02-01] libsndfile 1.0.31-1 MIGRATED to testing (Debian testing watch)
[2021-01-29] Accepted libsndfile 1.0.31-1 (source) into unstable (IOhannes m zmölnig (Debian/GNU)) (signed by: IOhannes m zmölnig)
[2021-01-14] libsndfile 1.0.30-1 MIGRATED to testing (Debian testing watch)
[2021-01-11] Accepted libsndfile 1.0.30-1 (source) into unstable (IOhannes m zmölnig (Debian/GNU)) (signed by: IOhannes m zmölnig)
[2020-10-29] Accepted libsndfile 1.0.27-3+deb9u1 (source amd64) into oldstable (Thorsten Alteholz)
[2020-05-31] libsndfile 1.0.28-8 MIGRATED to testing (Debian testing watch)
[2020-05-25] Accepted libsndfile 1.0.28-8 (source) into unstable (Mattia Rizzolo)
[2020-02-23] libsndfile 1.0.28-7 MIGRATED to testing (Debian testing watch)
[2020-02-18] Accepted libsndfile 1.0.28-7 (source) into unstable (IOhannes m zmölnig (Debian/GNU)) (signed by: IOhannes m zmölnig)
[2019-03-19] libsndfile 1.0.28-6 MIGRATED to testing (Debian testing watch)
[2019-03-13] Accepted libsndfile 1.0.25-9.1+deb8u4 (source amd64) into oldstable (Emilio Pozuelo Monfort)
[2019-03-08] Accepted libsndfile 1.0.28-6 (source) into unstable (IOhannes m zmölnig (Debian/GNU)) (signed by: IOhannes m zmölnig)
[2019-02-24] libsndfile 1.0.28-5 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 7
RC: 0
I&N: 7
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (0, 2)
buildd: logs, checks, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.2.2-1ubuntu5
2 bugs
patches for 1.2.2-1ubuntu5