audiofile - Debian Package Tracker

general

source: audiofile (main)
version: 0.3.6-5
maintainer: Debian Multimedia Maintainers (archive) (DMD)
uploaders: Alessio Treglia [DMD]
arch: any
std-ver: 3.9.8
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 0.3.6-4+deb9u1
oldstable: 0.3.6-5
stable: 0.3.6-5
testing: 0.3.6-5
unstable: 0.3.6-5

versioned links

0.3.6-4+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.3.6-5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

audiofile-tools
libaudiofile-dev
libaudiofile1

action needed

Problems while searching for a new upstream version high

uscan had problems while searching for a new upstream version:

In debian/watch no matching files for watch line
  http://www.68k.org/~michael/audiofile/ http://audiofile.68k.org/audiofile-(.*)\.tar\.gz

Created: 2020-06-29 Last update: 2022-05-20 12:34

Standards version of the package is outdated. high

The package is severely out of date with respect to the Debian Policy. The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.1 instead of 3.9.8).

Created: 2018-04-16 Last update: 2022-05-11 23:24

2 security issues in sid high

There are 2 open security issues in sid.

2 important issues:

CVE-2019-13147: In Audio File Library (aka audiofile) 0.3.6, there exists one NULL pointer dereference bug in ulaw2linear_buf in G711.cpp in libmodules.a that allows an attacker to cause a denial of service via a crafted file.
CVE-2022-24599: In autofile Audio File Library 0.3.6, there exists one memory leak vulnerability in printfileinfo, in printinfo.c, which allows an attacker to leak sensitive information via a crafted file. The printfileinfo function calls the copyrightstring function to get data, however, it dosn't use zero bytes to truncate the data.

Created: 2021-02-19 Last update: 2022-03-20 18:06

2 security issues in bookworm high

There are 2 open security issues in bookworm.

2 important issues:

CVE-2019-13147: In Audio File Library (aka audiofile) 0.3.6, there exists one NULL pointer dereference bug in ulaw2linear_buf in G711.cpp in libmodules.a that allows an attacker to cause a denial of service via a crafted file.
CVE-2022-24599: In autofile Audio File Library 0.3.6, there exists one memory leak vulnerability in printfileinfo, in printinfo.c, which allows an attacker to leak sensitive information via a crafted file. The printfileinfo function calls the copyrightstring function to get data, however, it dosn't use zero bytes to truncate the data.

Created: 2021-08-15 Last update: 2022-03-20 18:06

lintian reports 1 error and 21 warnings high

Lintian reports 1 error and 21 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2020-07-29 Last update: 2021-10-13 21:31

Fails to build during reproducibility testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2022-03-11 Last update: 2022-05-19 22:33

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 0.3.6-6, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit 4a98ae6546bb622e940780904683f90a195844ef
Merge: d8747f6 4512cee
Author: Dennis Braun <d_braun@kabelmail.de>
Date:   Tue Oct 12 15:45:02 2021 +0000

    Merge branch 'scrub-obsolete' into 'master'
    
    Remove unnecessary constraints
    
    See merge request multimedia-team/audiofile!3

commit 4512ceef33f461856e0ac8eebaf6e2023e1647f8
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Mon Oct 11 23:57:20 2021 +0000

    Remove constraints unnecessary since buster
    
    * audiofile-tools: Drop versioned constraint on libaudiofile-dev in Replaces.
    * audiofile-tools: Drop versioned constraint on libaudiofile-dev in Breaks.
    
    Changes-By: deb-scrub-obsolete

commit d8747f6532cb8d03c2018066bb60e67bf7682fbe
Merge: 1b48c19 9e71db9
Author: Sebastian Ramacher <sramacher@debian.org>
Date:   Sat Mar 7 09:09:41 2020 +0000

    Merge branch 'lintian-fixes' into 'master'
    
    Fix some issues reported by lintian
    
    See merge request multimedia-team/audiofile!2

commit 9e71db9ccca8b8a50d99758936dfadec279df05d
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Fri Dec 27 01:40:16 2019 +0000

    Drop transition for old debug package migration.
    
    Fixes lintian: debug-symbol-migration-possibly-complete
    See https://lintian.debian.org/tags/debug-symbol-migration-possibly-complete.html for more details.

commit 6118ba458accccdbe067ee4b7a0cb3e3ff838e57
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Fri Dec 27 01:39:52 2019 +0000

    Fix day-of-week for changelog entry 0.1.5-3.
    
    Fixes lintian: debian-changelog-has-wrong-day-of-week
    See https://lintian.debian.org/tags/debian-changelog-has-wrong-day-of-week.html for more details.

commit 532349c974037694550b3682636bb3291c23803a
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Fri Dec 27 01:39:31 2019 +0000

    Drop unnecessary dh arguments: --parallel
    
    Fixes lintian: debian-rules-uses-unnecessary-dh-argument
    See https://lintian.debian.org/tags/debian-rules-uses-unnecessary-dh-argument.html for more details.

commit 219a52497bd9e9854416c0af9470777aaa484d69
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Fri Dec 27 01:39:09 2019 +0000

    Drop unnecessary dependency on dh-autoreconf.
    
    Fixes lintian: useless-autoreconf-build-depends
    See https://lintian.debian.org/tags/useless-autoreconf-build-depends.html for more details.

commit f6d1c349e1b9f4328874d2b9bd1edcafb4232655
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Fri Dec 27 01:38:47 2019 +0000

    Set upstream metadata fields: Bug-Database, Repository, Repository-Browse.
    
    Fixes lintian: upstream-metadata-file-is-missing
    See https://lintian.debian.org/tags/upstream-metadata-file-is-missing.html for more details.

commit a7e05412fda5fef67f672f1eb8b447ddb70869bc
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Fri Dec 27 01:38:20 2019 +0000

    Bump debhelper from old 9 to 10.
    
    Fixes lintian: package-uses-old-debhelper-compat-version
    See https://lintian.debian.org/tags/package-uses-old-debhelper-compat-version.html for more details.

commit f931c4aac1bf4d31e346e0089a30de49912bdfbf
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Fri Dec 27 01:37:57 2019 +0000

    Use secure URI in Homepage field.
    
    Fixes lintian: homepage-field-uses-insecure-uri
    See https://lintian.debian.org/tags/homepage-field-uses-insecure-uri.html for more details.

commit 04fe01fb08b85ece3ea05e1a515431bba4d52f8a
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Fri Dec 27 01:37:32 2019 +0000

    Trim trailing whitespace.
    
    Fixes lintian: file-contains-trailing-whitespace
    See https://lintian.debian.org/tags/file-contains-trailing-whitespace.html for more details.

commit 1b48c190c5e23242ba2c9e98dc9a7cb47d78def1
Author: Ondřej Nový <onovy@debian.org>
Date:   Sat Jul 20 01:19:17 2019 +0200

    Use debhelper-compat instead of debian/compat

Created: 2019-07-20 Last update: 2022-05-18 13:11

2 low-priority security issues in buster low

There are 2 open security issues in buster.

1 issue left for the package maintainer to handle:

CVE-2022-24599: (needs triaging) In autofile Audio File Library 0.3.6, there exists one memory leak vulnerability in printfileinfo, in printinfo.c, which allows an attacker to leak sensitive information via a crafted file. The printfileinfo function calls the copyrightstring function to get data, however, it dosn't use zero bytes to truncate the data.

You can find information about how to handle this issue in the security team's documentation.

1 ignored issue:

CVE-2019-13147: In Audio File Library (aka audiofile) 0.3.6, there exists one NULL pointer dereference bug in ulaw2linear_buf in G711.cpp in libmodules.a that allows an attacker to cause a denial of service via a crafted file.

Created: 2021-02-19 Last update: 2022-03-20 18:06

2 low-priority security issues in bullseye low

There are 2 open security issues in bullseye.

1 issue left for the package maintainer to handle:

CVE-2022-24599: (needs triaging) In autofile Audio File Library 0.3.6, there exists one memory leak vulnerability in printfileinfo, in printinfo.c, which allows an attacker to leak sensitive information via a crafted file. The printfileinfo function calls the copyrightstring function to get data, however, it dosn't use zero bytes to truncate the data.

You can find information about how to handle this issue in the security team's documentation.

1 ignored issue:

CVE-2019-13147: In Audio File Library (aka audiofile) 0.3.6, there exists one NULL pointer dereference bug in ulaw2linear_buf in G711.cpp in libmodules.a that allows an attacker to cause a denial of service via a crafted file.

Created: 2021-08-14 Last update: 2022-03-20 18:06

news

[rss feed]

[2019-04-14] Accepted audiofile 0.3.6-4+deb9u1 (source amd64) into proposed-updates->stable-new, proposed-updates (Moritz Mühlenhoff)
[2019-04-13] audiofile 0.3.6-5 MIGRATED to testing (Debian testing watch)
[2019-04-05] Accepted audiofile 0.3.6-5 (source) into unstable (Sebastian Ramacher)
[2017-03-29] Accepted audiofile 0.3.6-2+deb8u2 (source) into proposed-updates->stable-new, proposed-updates (Salvatore Bonaccorso)
[2017-03-23] Accepted audiofile 0.3.4-2+deb7u1 (source amd64) into oldstable (Ola Lundqvist)
[2017-03-19] audiofile 0.3.6-4 MIGRATED to testing (Debian testing watch)
[2017-03-16] Accepted audiofile 0.3.6-4 (source) into unstable (Sebastian Ramacher)
[2016-06-28] Accepted audiofile 0.3.6-2+deb8u1 (source amd64) into proposed-updates->stable-new, proposed-updates (James Cowgill)
[2016-06-17] audiofile 0.3.6-3 MIGRATED to testing (Debian testing watch)
[2016-06-14] Accepted audiofile 0.3.6-3 (source) into unstable (James Cowgill)
[2013-05-17] audiofile 0.3.6-2 MIGRATED to testing (Debian testing watch)
[2013-05-07] Accepted audiofile 0.3.6-2 (source amd64) (Alessio Treglia)
[2013-03-08] Accepted audiofile 0.3.6-1 (source amd64) (Alessio Treglia)
[2013-02-10] Accepted audiofile 0.3.5-1 (source amd64) (Alessio Treglia)
[2012-10-25] audiofile 0.3.4-2 MIGRATED to testing (Debian testing watch)
[2012-10-14] Accepted audiofile 0.3.4-2 (source amd64) (Alessio Treglia)
[2012-05-12] audiofile 0.3.4-1 MIGRATED to testing (Debian testing watch)
[2012-05-01] Accepted audiofile 0.3.4-1 (source amd64) (Alessio Treglia)
[2012-03-02] audiofile 0.3.3-3 MIGRATED to testing (Debian testing watch)
[2012-02-20] Accepted audiofile 0.3.3-3 (source amd64) (Alessio Treglia)
[2012-02-03] audiofile 0.3.3-2 MIGRATED to testing (Debian testing watch)
[2012-01-22] Accepted audiofile 0.3.3-2 (source amd64) (Alessio Treglia)
[2012-01-21] Accepted audiofile 0.3.3-1 (source amd64) (Alessio Treglia)
[2012-01-14] Accepted audiofile 0.2.7-1 (source amd64) (Alessio Treglia)
[2012-01-12] Accepted audiofile 0.3.3-1~exp1 (source amd64) (Alessio Treglia)
[2012-01-05] Accepted audiofile 0.3.2-1 (source amd64) (Alessio Treglia)
[2011-09-15] audiofile 0.2.7-0.1 MIGRATED to testing (Debian testing watch)
[2011-09-04] Accepted audiofile 0.2.7-0.1 (source amd64) (Alessio Treglia)
[2010-01-22] Accepted audiofile 0.2.6-6+etch1 (source i386) (Stefan Fritsch)
[2010-01-17] Accepted audiofile 0.2.6-7+lenny1 (source i386) (Stefan Fritsch)

bugs [bug history graph]

all: 5
RC: 0
I&N: 3
M&W: 2
F&P: 0
patch: 0

links

homepage
lintian (1, 21)
buildd: logs, clang, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 0.3.6-5build1
2 bugs