-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 18 Mar 2017 19:28:56 +0100
Source: audiofile
Binary: audiofile-tools libaudiofile-dev libaudiofile1 libaudiofile-dbg
Architecture: source
Version: 0.3.6-2+deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 857651
Description:
 audiofile-tools - sfinfo and sfconvert tools
 libaudiofile-dbg - Open-source version of SGI's audiofile library (debug)
 libaudiofile-dev - Open-source version of SGI's audiofile library (header files)
 libaudiofile1 - Open-source version of SGI's audiofile library
Changes:
 audiofile (0.3.6-2+deb8u2) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Address several vulnerabilities (Closes: #857651)
     - Always check the number of coefficients (CVE-2017-6827 CVE-2017-6828
       CVE-2017-6832 CVE-2017-6833 CVE-2017-6835 CVE-2017-6837)
     - clamp index values to fix index overflow in IMA.cpp (CVE-2017-6829)
     - Check for multiplication overflow in sfconvert (CVE-2017-6830
       CVE-2017-6834 CVE-2017-6836 CVE-2017-6838)
     - Actually fail when error occurs in parseFormat (CVE-2017-6831)
     - Check for multiplication overflow in MSADPCM decodeSample
       (CVE-2017-6839)
   * Fix signature of multiplyCheckOverflow. It returns a bool, not an int
   * Check for division by zero in BlockCodec::runPull
Checksums-Sha1:
 9ef62372482313a1af0c8f669410d51822ee0230 2385 audiofile_0.3.6-2+deb8u2.dsc
 3aba3ef724b1b5f88cfc20ab9f8ce098e6c35a0e 811733 audiofile_0.3.6.orig.tar.gz
 110bf58c6c24d698eb55aa19894f77907517ac22 15512 audiofile_0.3.6-2+deb8u2.debian.tar.xz
Checksums-Sha256:
 381b03e1b3f7270bcca367769b685e3e6a461cfb5a9ff2f30a72bf9e60205e6b 2385 audiofile_0.3.6-2+deb8u2.dsc
 cdc60df19ab08bfe55344395739bb08f50fc15c92da3962fac334d3bff116965 811733 audiofile_0.3.6.orig.tar.gz
 6f08b8d898317e92b42722f8040d1c6c42ceb717068f40b66251486656910738 15512 audiofile_0.3.6-2+deb8u2.debian.tar.xz
Files:
 d5ac09ee6abc76c7f1cd46187d9d1763 2385 libs optional audiofile_0.3.6-2+deb8u2.dsc
 2731d79bec0acef3d30d2fc86b0b72fd 811733 libs optional audiofile_0.3.6.orig.tar.gz
 ed19806ebe18badf2256636de983482c 15512 libs optional audiofile_0.3.6-2+deb8u2.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----