-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 29 Jul 2021 19:03:02 +0200 Source: libsndfile Binary: libsndfile1-dev libsndfile1 sndfile-programs libsndfile1-dbg sndfile-programs-dbg Architecture: source amd64 Version: 1.0.27-3+deb9u2 Distribution: stretch-security Urgency: high Maintainer: Erik de Castro Lopo <erikd@mega-nerd.com> Changed-By: Thorsten Alteholz <debian@alteholz.de> Description: libsndfile1 - Library for reading/writing audio files libsndfile1-dbg - debugging symbols for libsndfile libsndfile1-dev - Development files for libsndfile; a library for reading/writing a sndfile-programs - Sample programs that use libsndfile sndfile-programs-dbg - debugging symbols for sndfile-programs Closes: 991496 Changes: libsndfile (1.0.27-3+deb9u2) stretch-security; urgency=high . * Non-maintainer upload by the LTS Team. * CVE-2021-3246 (Closes: #991496) A crafted WAV file can trigger a heap buffer overflow and might allow exectution of arbitrary code. Checksums-Sha1: 3cb62c98895c1d6fb130d09009af5a7e95125b41 2512 libsndfile_1.0.27-3+deb9u2.dsc e112d4937352d1722b06911b00c79e9bce15095c 1192337 libsndfile_1.0.27.orig.tar.gz 61051858cc601a9d8870419049537295fd11b594 17508 libsndfile_1.0.27-3+deb9u2.debian.tar.xz 457b98729e24988e400f272203980ef18ed82bdd 458676 libsndfile1-dbg_1.0.27-3+deb9u2_amd64.deb ba50e39c33d0df83bdb93dc6c22324340bfef1f6 361746 libsndfile1-dev_1.0.27-3+deb9u2_amd64.deb 43d3dea76bdbdb1a3cd2372abbeeaaa117ea1d57 248254 libsndfile1_1.0.27-3+deb9u2_amd64.deb a00fa9c7ba2f5144bfecc333c58eb82326439712 7620 libsndfile_1.0.27-3+deb9u2_amd64.buildinfo 6eb887679539d773d1abd62abc331d22dc678634 160430 sndfile-programs-dbg_1.0.27-3+deb9u2_amd64.deb f43d5bf043de02d1b597425914904ff55dba1ab4 126718 sndfile-programs_1.0.27-3+deb9u2_amd64.deb Checksums-Sha256: e2e4714848d27021c3611d31d14af044dfbf58aa5f39cc383a845d176f1133f8 2512 libsndfile_1.0.27-3+deb9u2.dsc a391952f27f4a92ceb2b4c06493ac107896ed6c76be9a613a4731f076d30fac0 1192337 libsndfile_1.0.27.orig.tar.gz e81c73ba7cd2f075cd1ffff262434a427d6479ec7c76008a9009600fed223fa1 17508 libsndfile_1.0.27-3+deb9u2.debian.tar.xz fc9f3607ebbd7af779829b23a391c57d3bc620646ed6a563c36abb01e9290c8f 458676 libsndfile1-dbg_1.0.27-3+deb9u2_amd64.deb 13f1d518b160250e6056c3aa9e4d00397178ea5459a20fb1824214e4a1935e1d 361746 libsndfile1-dev_1.0.27-3+deb9u2_amd64.deb a608f2b2646c33f9963dc8f42be6c7283d3cca4e2e26975035d8db6b2e24663e 248254 libsndfile1_1.0.27-3+deb9u2_amd64.deb a4d5769e1d881985dcffec0f0751d9688cee03672a966fc2a51c68b5ef3447cc 7620 libsndfile_1.0.27-3+deb9u2_amd64.buildinfo 69c395c3b8fdb364dfa9bad2b3aab1492a7aa81648071a7cb60e6ec58ef973fb 160430 sndfile-programs-dbg_1.0.27-3+deb9u2_amd64.deb f16c6fb1e791608375a5a7b20c96d48d14e27f6418ee62021ecf3d7c96e47412 126718 sndfile-programs_1.0.27-3+deb9u2_amd64.deb Files: b9ac1f9596d00a25ef4f7295ab7cca1f 2512 devel optional libsndfile_1.0.27-3+deb9u2.dsc fd1d97c6077f03b5d984d7956ffedb7a 1192337 devel optional libsndfile_1.0.27.orig.tar.gz 751a9da1f9d0a55a97fdcec1685c25c6 17508 devel optional libsndfile_1.0.27-3+deb9u2.debian.tar.xz bbc656f7ca75fa3e110767eb2279f479 458676 debug extra libsndfile1-dbg_1.0.27-3+deb9u2_amd64.deb b7843c94d5019064a906200e48a71085 361746 libdevel optional libsndfile1-dev_1.0.27-3+deb9u2_amd64.deb 3b1e8999325495e964dcb846db9527ee 248254 libs optional libsndfile1_1.0.27-3+deb9u2_amd64.deb aad1af79c03698a17d0c754d4becca1d 7620 devel optional libsndfile_1.0.27-3+deb9u2_amd64.buildinfo 63d2cfb9b0048143812b1070e6f1844b 160430 debug extra sndfile-programs-dbg_1.0.27-3+deb9u2_amd64.deb 3caf1ad0b02cf50ed162da6c2728855a 126718 utils optional sndfile-programs_1.0.27-3+deb9u2_amd64.deb -----BEGIN PGP SIGNATURE----- iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmEDJOlfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh bHRlaG9sei5kZQAKCRCW/KwNOHtYR5uKEACDH32Nz/si6WnmSLy+vKSIPqQwOjp4 l5FSqt8z3/lPRRYXtv0T1aLLGEP87bxBMtbuc0ykWmGFo+cimPEm+eJx2VEdh1uW jzZjGUcpFcuC5QLdHAX+zzFOg+sm7y1U4PuqudeWUiiy4AOUBq8wV6kGb6xPxOxl Pt9XwQ3RPwMvOM3Y+c3RxAyjJlypMKnLRTblk8j2dO/aE59McBnySKOkc+LqT2PJ NNBQgGySppsQIqDx1IADfDQbmTRLQ2oYLnF0yGLSHHlnwxb7bAOvezXXkZcuRnqY foA/23szVJvzqT8IhzJvpPj7wQTqtcQz9IS8opt+b36Hiw1FYAeCh7zrChGkoBp8 NSm13aZ27BQEgEKrTCjFqEqLp8shjrdi+lODKPOKfuh5jzd7sHw5bXMLwz/t2Tuu rP4yjsMmZRHpdYiTFD4/qyM6E9BcxT0SDc626zL07RBPSXWp+Air8/24lOMPw/xb JcirmQW+7K0740mZttRMXYTr0ULgvaCD9FLHqsyZddq5aEyXScIORdFr3cc/TV1t zCOxH0iYcQLk6yRy5A31IrSA6ov8gyil5POOjmKOeU4wE4x7gr764OEU3AvXaQnM 3GmimhNPR5qn7Py5n+RKHU5lmm5fd1KKHG0JNnRQC91f4L6BwDIalismEjEvZMFp 1QbtCTkg+hyPQQ== =qDzv -----END PGP SIGNATURE-----