-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 15 Dec 2018 13:10:27 +0100 Source: libsndfile Binary: libsndfile1-dev libsndfile1 sndfile-programs libsndfile1-dbg sndfile-programs-dbg Architecture: source amd64 Version: 1.0.25-9.1+deb8u2 Distribution: jessie-security Urgency: high Maintainer: Erik de Castro Lopo <erikd@mega-nerd.com> Changed-By: Hugo Lefeuvre <hle@debian.org> Description: libsndfile1 - Library for reading/writing audio files libsndfile1-dbg - debugging symbols for libsndfile libsndfile1-dev - Development files for libsndfile; a library for reading/writing a sndfile-programs - Sample programs that use libsndfile sndfile-programs-dbg - debugging symbols for sndfile-programs Closes: 862202 862203 862204 862205 876783 884735 914381 Changes: libsndfile (1.0.25-9.1+deb8u2) jessie-security; urgency=high . * Non-maintainer upload by the LTS Team. * CVE-2018-13139, CVE-2018-19432: out of bounds read in sf_write_int (closes: #914381). * CVE-2017-8365: global buffer overflow in i2les_array (closes: #862202). * CVE-2017-8363: heap-based buffer overflow in flac_buffer_copy (closes: #862203). * CVE-2017-8362: Invalid memory read in flac_buffer_copy (closes: #862204). * CVE-2017-8361: global buffer overflow in flac_buffer_copy (closes: #862205). * CVE-2017-14634: multiple divide-by-zero issues in double64_init and float32_init (closes: #876783). * CVE-2017-17456, CVE-2017-17457, CVE-2018-19662, CVE-2018-19661, CVE-2017-14245 and CVE-2017-14246: multiple buffer overflow issues in {d,i}2ulaw_array and {d,i}2alaw_array (closes: #884735). Checksums-Sha1: 8a3d036170f122afd3ea8431f13510f7c3db6956 1808 libsndfile_1.0.25-9.1+deb8u2.dsc 2fea8d6dade414ae78848f038c591ed7488e72d3 14836 libsndfile_1.0.25-9.1+deb8u2.debian.tar.xz 2347e148a716727142b9335f26bd3a9a8b21a222 704750 libsndfile1-dev_1.0.25-9.1+deb8u2_amd64.deb d2c65eafff9c7530b01d7b9ae7c851014459a7f5 215482 libsndfile1_1.0.25-9.1+deb8u2_amd64.deb c79d23f5cbaa5823b12deda00e15cf61cc684df7 109566 sndfile-programs_1.0.25-9.1+deb8u2_amd64.deb 59be70be78b66109b6c8ad45635cf1d7fb3ce212 346292 libsndfile1-dbg_1.0.25-9.1+deb8u2_amd64.deb 8a2cabef5a9ce5cc5de4f8413fd866d24a17c886 138246 sndfile-programs-dbg_1.0.25-9.1+deb8u2_amd64.deb Checksums-Sha256: be6bf183d4b0d075ab5fddf5a329b3e25c0cd4e21fb238eda8f2d2f9bd1a869f 1808 libsndfile_1.0.25-9.1+deb8u2.dsc 2f11059b00e62ab2e4ee850e3bd9fe511fb89353902d8ddf2a4e3e8e9ac6bb16 14836 libsndfile_1.0.25-9.1+deb8u2.debian.tar.xz d699ba09e23af918da2a0c02394aa65bd83cc1d205eb1fbf05cdb73199798039 704750 libsndfile1-dev_1.0.25-9.1+deb8u2_amd64.deb 4db3337f10a6ab9cc9f6601b80bf5d0defe98422503f501419fa8a8abed1d694 215482 libsndfile1_1.0.25-9.1+deb8u2_amd64.deb af53eb81716ded49a74b80ceb15621be178a4061c84cc29f33ee051d241fec99 109566 sndfile-programs_1.0.25-9.1+deb8u2_amd64.deb 9d4181662a839f3dec73863f924db2ff2650d9c7bbc1ada08ab71d4ece16b4cd 346292 libsndfile1-dbg_1.0.25-9.1+deb8u2_amd64.deb 4ef61a98a512e348f17159066e16453782da9f363e1bd525abeae6acf4e90c9e 138246 sndfile-programs-dbg_1.0.25-9.1+deb8u2_amd64.deb Files: 1a1d6b31ef4c03d22f19de47dcddf9ab 1808 devel optional libsndfile_1.0.25-9.1+deb8u2.dsc ad461beb96a47078df3fe373afac83d7 14836 devel optional libsndfile_1.0.25-9.1+deb8u2.debian.tar.xz 1e76fa17f2956ec76eefccbad79764aa 704750 libdevel optional libsndfile1-dev_1.0.25-9.1+deb8u2_amd64.deb b4b0c4555a884f186d50bb01bcddf1f4 215482 libs optional libsndfile1_1.0.25-9.1+deb8u2_amd64.deb 6daa3669f7049d6942dcc163a0f1ea1e 109566 utils optional sndfile-programs_1.0.25-9.1+deb8u2_amd64.deb ccd72f8e1d98fcc6e0a9012409a63153 346292 debug extra libsndfile1-dbg_1.0.25-9.1+deb8u2_amd64.deb bd9a2c6149003e331d8294c804cef49c 138246 debug extra sndfile-programs-dbg_1.0.25-9.1+deb8u2_amd64.deb -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEUFZhdgIWqBhwqCvuZYVUZx9w0DQFAlwgwQ4ACgkQZYVUZx9w 0DTFdwf/eOC31fZAR9qog55nXsqAaxsqkSdyUrFAJMILhaU5My8JVM76r2eBB5VU MRjngqCtzozaBjQbrOjII3O1t9VW9TQuv4j8IVS3CGsI1Vhb6msAT/0OP+4yUFlG L6UkWbNO5Bl9fct5LtDFM17RnyOb0g1Z00TQjHMSJf1yUJ4DQnXuTpeMY1TERKhH bKG2OBRfSx5rnF2mCnVgMLfxk7UwdnVNUK/EwtM/7E4vv/s7ZnHlQmvG+6JMcMC9 Q0MBvcfI0uOJf+6bGYNyAvxak8wRwqSm7w8yKH0N0w/HJ7kOqbJZ6ors1J7O1RR5 wE/OIMVP0p+ubPEqj0GNBs9apVIQQA== =e0LW -----END PGP SIGNATURE-----