Debian Package Tracker

general

source: audiofile (main)
version: 0.3.6-5
maintainer: Debian Multimedia Maintainers (archive) (DMD)
uploaders: Alessio Treglia [DMD]
arch: any
std-ver: 3.9.8
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 0.3.6-2+deb8u2
o-o-sec: 0.3.6-2+deb8u2
oldstable: 0.3.6-4+deb9u1
stable: 0.3.6-5
testing: 0.3.6-5
unstable: 0.3.6-5

versioned links

0.3.6-2+deb8u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.3.6-4+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.3.6-5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

audiofile-tools
libaudiofile-dev
libaudiofile1

action needed

Problems while searching for a new upstream version high

uscan had problems while searching for a new upstream version:

In debian/watch no matching files for watch line
  http://www.68k.org/~michael/audiofile/ http://audiofile.68k.org/audiofile-(.*)\.tar\.gz

Created: 2017-11-21 Last update: 2020-02-17 19:51

Standards version of the package is outdated. high

The package is severely out of date with respect to the Debian Policy. The package should be updated to follow the last version of Debian Policy (Standards-Version 4.5.0 instead of 3.9.8).

Created: 2018-04-16 Last update: 2020-01-21 05:05

1 security issue in bullseye high

There is 1 open security issue in bullseye.

1 important issue:

CVE-2019-13147: In Audio File Library (aka audiofile) 0.3.6, there exists one NULL pointer dereference bug in ulaw2linear_buf in G711.cpp in libmodules.a that allows an attacker to cause a denial of service via a crafted file.

Please fix it.

Created: 2019-07-07 Last update: 2019-10-21 00:30

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2019-13147: In Audio File Library (aka audiofile) 0.3.6, there exists one NULL pointer dereference bug in ulaw2linear_buf in G711.cpp in libmodules.a that allows an attacker to cause a denial of service via a crafted file.

Please fix it.

Created: 2019-07-02 Last update: 2019-10-21 00:30

1 new commit since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit 1b48c190c5e23242ba2c9e98dc9a7cb47d78def1
Author: Ondřej Nový <onovy@debian.org>
Date:   Sat Jul 20 01:19:17 2019 +0200

    Use debhelper-compat instead of debian/compat

Created: 2019-07-20 Last update: 2020-02-13 12:36

1 ignored security issue in buster low

There is 1 open security issue in buster.

1 issue skipped by the security teams:

CVE-2019-13147: In Audio File Library (aka audiofile) 0.3.6, there exists one NULL pointer dereference bug in ulaw2linear_buf in G711.cpp in libmodules.a that allows an attacker to cause a denial of service via a crafted file.

Please fix it.

Created: 2019-07-02 Last update: 2019-10-21 00:30

3 ignored security issues in jessie low

There are 3 open security issues in jessie.

3 issues skipped by the security teams:

CVE-2018-17095: An issue has been discovered in mpruett Audio File Library (aka audiofile) 0.3.6. A heap-based buffer overflow in Expand3To4Module::run has occurred when running sfconvert.
CVE-2019-13147: In Audio File Library (aka audiofile) 0.3.6, there exists one NULL pointer dereference bug in ulaw2linear_buf in G711.cpp in libmodules.a that allows an attacker to cause a denial of service via a crafted file.
CVE-2018-13440: The audiofile Audio File Library 0.3.6 has a NULL pointer dereference bug in ModuleState::setup in modules/ModuleState.cpp, which allows an attacker to cause a denial of service via a crafted caf file, as demonstrated by sfconvert.

Please fix them.

Created: 2018-07-09 Last update: 2019-10-21 00:30

1 ignored security issue in stretch low

There is 1 open security issue in stretch.

1 issue skipped by the security teams:

CVE-2019-13147: In Audio File Library (aka audiofile) 0.3.6, there exists one NULL pointer dereference bug in ulaw2linear_buf in G711.cpp in libmodules.a that allows an attacker to cause a denial of service via a crafted file.

Please fix it.

Created: 2019-07-02 Last update: 2019-10-21 00:30

news

[rss feed]

[2019-04-14] Accepted audiofile 0.3.6-4+deb9u1 (source amd64) into proposed-updates->stable-new, proposed-updates (Moritz Mühlenhoff)
[2019-04-13] audiofile 0.3.6-5 MIGRATED to testing (Debian testing watch)
[2019-04-05] Accepted audiofile 0.3.6-5 (source) into unstable (Sebastian Ramacher)
[2017-03-29] Accepted audiofile 0.3.6-2+deb8u2 (source) into proposed-updates->stable-new, proposed-updates (Salvatore Bonaccorso)
[2017-03-23] Accepted audiofile 0.3.4-2+deb7u1 (source amd64) into oldstable (Ola Lundqvist)
[2017-03-19] audiofile 0.3.6-4 MIGRATED to testing (Debian testing watch)
[2017-03-16] Accepted audiofile 0.3.6-4 (source) into unstable (Sebastian Ramacher)
[2016-06-28] Accepted audiofile 0.3.6-2+deb8u1 (source amd64) into proposed-updates->stable-new, proposed-updates (James Cowgill)
[2016-06-17] audiofile 0.3.6-3 MIGRATED to testing (Debian testing watch)
[2016-06-14] Accepted audiofile 0.3.6-3 (source) into unstable (James Cowgill)
[2013-05-17] audiofile 0.3.6-2 MIGRATED to testing (Debian testing watch)
[2013-05-07] Accepted audiofile 0.3.6-2 (source amd64) (Alessio Treglia)
[2013-03-08] Accepted audiofile 0.3.6-1 (source amd64) (Alessio Treglia)
[2013-02-10] Accepted audiofile 0.3.5-1 (source amd64) (Alessio Treglia)
[2012-10-25] audiofile 0.3.4-2 MIGRATED to testing (Debian testing watch)
[2012-10-14] Accepted audiofile 0.3.4-2 (source amd64) (Alessio Treglia)
[2012-05-12] audiofile 0.3.4-1 MIGRATED to testing (Debian testing watch)
[2012-05-01] Accepted audiofile 0.3.4-1 (source amd64) (Alessio Treglia)
[2012-03-02] audiofile 0.3.3-3 MIGRATED to testing (Debian testing watch)
[2012-02-20] Accepted audiofile 0.3.3-3 (source amd64) (Alessio Treglia)
[2012-02-03] audiofile 0.3.3-2 MIGRATED to testing (Debian testing watch)
[2012-01-22] Accepted audiofile 0.3.3-2 (source amd64) (Alessio Treglia)
[2012-01-21] Accepted audiofile 0.3.3-1 (source amd64) (Alessio Treglia)
[2012-01-14] Accepted audiofile 0.2.7-1 (source amd64) (Alessio Treglia)
[2012-01-12] Accepted audiofile 0.3.3-1~exp1 (source amd64) (Alessio Treglia)
[2012-01-05] Accepted audiofile 0.3.2-1 (source amd64) (Alessio Treglia)
[2011-09-15] audiofile 0.2.7-0.1 MIGRATED to testing (Debian testing watch)
[2011-09-04] Accepted audiofile 0.2.7-0.1 (source amd64) (Alessio Treglia)
[2010-01-22] Accepted audiofile 0.2.6-6+etch1 (source i386) (Stefan Fritsch)
[2010-01-17] Accepted audiofile 0.2.6-7+lenny1 (source i386) (Stefan Fritsch)

bugs [bug history graph]

all: 0

links

homepage
buildd: logs, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker