-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 27 May 2017 22:03:02 +0200 Source: libsndfile Binary: libsndfile1-dev libsndfile1 sndfile-programs Architecture: source amd64 Version: 1.0.25-9.1+deb7u2 Distribution: wheezy-security Urgency: high Maintainer: Erik de Castro Lopo <erikd@mega-nerd.com> Changed-By: Thorsten Alteholz <debian@alteholz.de> Description: libsndfile1 - Library for reading/writing audio files libsndfile1-dev - Development files for libsndfile; a library for reading/writing a sndfile-programs - Sample programs that use libsndfile Changes: libsndfile (1.0.25-9.1+deb7u2) wheezy-security; urgency=high . * Non-maintainer upload by the Wheezy LTS Team. * CVE-2017-8361 The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file. * CVE-2017-8362 The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file. * CVE-2017-8363 The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file. * CVE-2017-8365 The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file. Checksums-Sha1: 2a8e12c684e85c8b316fc45589ed8e75694ede3f 2169 libsndfile_1.0.25-9.1+deb7u2.dsc e95d9fca57f7ddace9f197071cbcfb92fa16748e 1060692 libsndfile_1.0.25.orig.tar.gz a255588a129fca9cf09564eedb06f6dd620417e1 19424 libsndfile_1.0.25-9.1+deb7u2.debian.tar.gz 8bdd65ab04bb702ff869cff32990b874f7a977bf 392330 libsndfile1-dev_1.0.25-9.1+deb7u2_amd64.deb 457311b5fb956d48dcdb434016cf7f0c7d3f6208 245128 libsndfile1_1.0.25-9.1+deb7u2_amd64.deb 45f321289e35852037355f7a9d026664940a484a 120190 sndfile-programs_1.0.25-9.1+deb7u2_amd64.deb Checksums-Sha256: ba4c62a570b2ab2acee2051f97505f6aef07c22f563fb2e2148a525bf7d6374a 2169 libsndfile_1.0.25-9.1+deb7u2.dsc 59016dbd326abe7e2366ded5c344c853829bebfd1702ef26a07ef662d6aa4882 1060692 libsndfile_1.0.25.orig.tar.gz 8cfbb5cc788a0a8082833ac8a6fe7e07b4b4ebe7b6a55c6fc44ae1fac6dce23c 19424 libsndfile_1.0.25-9.1+deb7u2.debian.tar.gz e2cdf9488f7c6fd45f1c1b82c917ce13823cf6b3697c2d52b7a35296f0eb60e0 392330 libsndfile1-dev_1.0.25-9.1+deb7u2_amd64.deb b324ab6f88293cfa0db92771cc9ddac9694ff3c6cb560d758a01af28d1d65065 245128 libsndfile1_1.0.25-9.1+deb7u2_amd64.deb 4c7f3480e52d1be7c0c14e139ec0f0c174d4be24eb8c8058e48b21b99a6ca5ed 120190 sndfile-programs_1.0.25-9.1+deb7u2_amd64.deb Files: 2dd9b74e1bbc130a85761ec86109e617 2169 devel optional libsndfile_1.0.25-9.1+deb7u2.dsc e2b7bb637e01022c7d20f95f9c3990a2 1060692 devel optional libsndfile_1.0.25.orig.tar.gz 24c2d42a7bda7bfe0aac08fcee0eaf7f 19424 devel optional libsndfile_1.0.25-9.1+deb7u2.debian.tar.gz 4dbe319e55bba9276f8bf209548f5466 392330 libdevel optional libsndfile1-dev_1.0.25-9.1+deb7u2_amd64.deb 550e325117b14487b5fa96f03b782e51 245128 libs optional libsndfile1_1.0.25-9.1+deb7u2_amd64.deb ea4c4d02a618af20735a6d91e406dc77 120190 utils optional sndfile-programs_1.0.25-9.1+deb7u2_amd64.deb -----BEGIN PGP SIGNATURE----- iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAlkqsjRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh bHRlaG9sei5kZQAKCRCW/KwNOHtYR2u6EAC+Po7KJ1ejpeBF41I7EM6GrB2AB4Aq lW1Gtx8WlkltDzSONAmcExCVNBqWAdfiqSSPETwx8O+orTkez0hUjNqtpZRor45m /2y7qsoRCrPYYWb5rhP4Kunai1wNJFwk5zBgeNlJCta2vqkpNcsSyskTAgTHgwf9 6w/aDKHFo9hQAbr2p9drss8FGdQY6M6fjkLkJRzV/LhhJl/gq1LByAXjvOsxQP12 mW0OthC9ZE2hCm+k8VAv4BuofjALaQWhbrlqV74MUebiYOOdK9Bs7E9MSYH8htui X3hthp0oT1Ig+mOt8BAolPuGSTZhLgLyKaS848ztqfL/TNZ6FNAX9aa5XnICjC+J 0oDMUSnP5GpMGoBkyZPJHkzyT6cOvo9uaRVF0WSqD9xlSWM090rzC0wqS1tPl5kc /qx8eE0qS+ON6lpWLYky52sA+t92rqo/F96QNAPzGyTKoVQxdclFcj+gek4YHo00 S+k6NDBK1o9UflWym9d8q7ADj3nALMFO4hXLAZl6DcIOPO26nsrfetjIu6GwuKoX LPfcbGJnT9/iONSWxbFAaE8jy4gz9c66A3zIjovQNjuFo/P0WS4g2hn9U718fmln v4dqV7cZKD4z5kcEgDKg4Yw2az7MWI61Rr/3xShoqLeV80HYI8p/aA7lqFW+r63I BKPp290EQvvgNw== =g4cA -----END PGP SIGNATURE-----