audiofile - Debian Package Tracker

general

source: audiofile (main)
version: 0.3.6-5
maintainer: Debian Multimedia Maintainers (archive) (DMD)
uploaders: Alessio Treglia [DMD]
arch: any
std-ver: 3.9.8
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 0.3.6-5
oldstable: 0.3.6-5
stable: 0.3.6-5
testing: 0.3.6-5
unstable: 0.3.6-5

versioned links

0.3.6-5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

audiofile-tools
libaudiofile-dev
libaudiofile1

action needed

Problems while searching for a new upstream version high

uscan had problems while searching for a new upstream version:

In debian/watch no matching files for watch line
  http://www.68k.org/~michael/audiofile/ http://audiofile.68k.org/audiofile-(.*)\.tar\.gz

Created: 2020-06-29 Last update: 2023-09-27 16:31

3 security issues in trixie high

There are 3 open security issues in trixie.

3 important issues:

CVE-2019-13147: In Audio File Library (aka audiofile) 0.3.6, there exists one NULL pointer dereference bug in ulaw2linear_buf in G711.cpp in libmodules.a that allows an attacker to cause a denial of service via a crafted file.
CVE-2020-18781: Heap buffer overflow vulnerability in FilePOSIX::read in File.cpp in audiofile 0.3.6 may cause denial-of-service via a crafted wav file, this bug can be triggered by the executable sfconvert.
CVE-2022-24599: In autofile Audio File Library 0.3.6, there exists one memory leak vulnerability in printfileinfo, in printinfo.c, which allows an attacker to leak sensitive information via a crafted file. The printfileinfo function calls the copyrightstring function to get data, however, it dosn't use zero bytes to truncate the data.

Created: 2023-06-11 Last update: 2023-08-26 02:19

3 security issues in sid high

There are 3 open security issues in sid.

3 important issues:

CVE-2019-13147: In Audio File Library (aka audiofile) 0.3.6, there exists one NULL pointer dereference bug in ulaw2linear_buf in G711.cpp in libmodules.a that allows an attacker to cause a denial of service via a crafted file.
CVE-2020-18781: Heap buffer overflow vulnerability in FilePOSIX::read in File.cpp in audiofile 0.3.6 may cause denial-of-service via a crafted wav file, this bug can be triggered by the executable sfconvert.
CVE-2022-24599: In autofile Audio File Library 0.3.6, there exists one memory leak vulnerability in printfileinfo, in printinfo.c, which allows an attacker to leak sensitive information via a crafted file. The printfileinfo function calls the copyrightstring function to get data, however, it dosn't use zero bytes to truncate the data.

Created: 2022-07-04 Last update: 2023-08-26 02:19

3 security issues in bullseye high

There are 3 open security issues in bullseye.

1 important issue:

CVE-2020-18781: Heap buffer overflow vulnerability in FilePOSIX::read in File.cpp in audiofile 0.3.6 may cause denial-of-service via a crafted wav file, this bug can be triggered by the executable sfconvert.

1 issue left for the package maintainer to handle:

CVE-2022-24599: (needs triaging) In autofile Audio File Library 0.3.6, there exists one memory leak vulnerability in printfileinfo, in printinfo.c, which allows an attacker to leak sensitive information via a crafted file. The printfileinfo function calls the copyrightstring function to get data, however, it dosn't use zero bytes to truncate the data.

You can find information about how to handle this issue in the security team's documentation.

1 ignored issue:

CVE-2019-13147: In Audio File Library (aka audiofile) 0.3.6, there exists one NULL pointer dereference bug in ulaw2linear_buf in G711.cpp in libmodules.a that allows an attacker to cause a denial of service via a crafted file.

Created: 2022-07-04 Last update: 2023-08-26 02:19

3 security issues in bookworm high

There are 3 open security issues in bookworm.

1 important issue:

CVE-2020-18781: Heap buffer overflow vulnerability in FilePOSIX::read in File.cpp in audiofile 0.3.6 may cause denial-of-service via a crafted wav file, this bug can be triggered by the executable sfconvert.

2 issues left for the package maintainer to handle:

CVE-2019-13147: (needs triaging) In Audio File Library (aka audiofile) 0.3.6, there exists one NULL pointer dereference bug in ulaw2linear_buf in G711.cpp in libmodules.a that allows an attacker to cause a denial of service via a crafted file.
CVE-2022-24599: (needs triaging) In autofile Audio File Library 0.3.6, there exists one memory leak vulnerability in printfileinfo, in printinfo.c, which allows an attacker to leak sensitive information via a crafted file. The printfileinfo function calls the copyrightstring function to get data, however, it dosn't use zero bytes to truncate the data.

You can find information about how to handle these issues in the security team's documentation.

Created: 2023-06-10 Last update: 2023-08-26 02:19

3 security issues in buster high

There are 3 open security issues in buster.

1 important issue:

CVE-2020-18781: Heap buffer overflow vulnerability in FilePOSIX::read in File.cpp in audiofile 0.3.6 may cause denial-of-service via a crafted wav file, this bug can be triggered by the executable sfconvert.

1 issue postponed or untriaged:

CVE-2022-24599: (needs triaging) In autofile Audio File Library 0.3.6, there exists one memory leak vulnerability in printfileinfo, in printinfo.c, which allows an attacker to leak sensitive information via a crafted file. The printfileinfo function calls the copyrightstring function to get data, however, it dosn't use zero bytes to truncate the data.

1 ignored issue:

CVE-2019-13147: In Audio File Library (aka audiofile) 0.3.6, there exists one NULL pointer dereference bug in ulaw2linear_buf in G711.cpp in libmodules.a that allows an attacker to cause a denial of service via a crafted file.

Created: 2023-08-26 Last update: 2023-08-26 02:19

lintian reports 1 error and 21 warnings high

Lintian reports 1 error and 21 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2020-07-29 Last update: 2023-02-04 14:01

Standards version of the package is outdated. high

The package is severely out of date with respect to the Debian Policy. The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.2 instead of 3.9.8).

Created: 2018-04-16 Last update: 2022-12-17 19:17

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 0.3.6-6, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit 99a78244bde6066c63157754034cf41bd696de1b
Merge: 4a98ae6 6b96b19
Author: Dennis Braun <d_braun@kabelmail.de>
Date:   Sat Oct 15 14:56:34 2022 +0000

    Merge branch 'lintian-fixes' into 'master'
    
    Set upstream metadata fields: Bug-Submit
    
    See merge request multimedia-team/audiofile!4

commit 6b96b193eda83dbe587c095cdf085273119f113c
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Wed Oct 12 12:45:30 2022 +0000

    Set upstream metadata fields: Bug-Submit.
    
    Changes-By: lintian-brush
    Fixes: lintian: upstream-metadata-missing-bug-tracking
    See-also: https://lintian.debian.org/tags/upstream-metadata-missing-bug-tracking.html

commit 4a98ae6546bb622e940780904683f90a195844ef
Merge: d8747f6 4512cee
Author: Dennis Braun <d_braun@kabelmail.de>
Date:   Tue Oct 12 15:45:02 2021 +0000

    Merge branch 'scrub-obsolete' into 'master'
    
    Remove unnecessary constraints
    
    See merge request multimedia-team/audiofile!3

commit 4512ceef33f461856e0ac8eebaf6e2023e1647f8
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Mon Oct 11 23:57:20 2021 +0000

    Remove constraints unnecessary since buster
    
    * audiofile-tools: Drop versioned constraint on libaudiofile-dev in Replaces.
    * audiofile-tools: Drop versioned constraint on libaudiofile-dev in Breaks.
    
    Changes-By: deb-scrub-obsolete

commit d8747f6532cb8d03c2018066bb60e67bf7682fbe
Merge: 1b48c19 9e71db9
Author: Sebastian Ramacher <sramacher@debian.org>
Date:   Sat Mar 7 09:09:41 2020 +0000

    Merge branch 'lintian-fixes' into 'master'
    
    Fix some issues reported by lintian
    
    See merge request multimedia-team/audiofile!2

commit 9e71db9ccca8b8a50d99758936dfadec279df05d
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Fri Dec 27 01:40:16 2019 +0000

    Drop transition for old debug package migration.
    
    Fixes lintian: debug-symbol-migration-possibly-complete
    See https://lintian.debian.org/tags/debug-symbol-migration-possibly-complete.html for more details.

commit 6118ba458accccdbe067ee4b7a0cb3e3ff838e57
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Fri Dec 27 01:39:52 2019 +0000

    Fix day-of-week for changelog entry 0.1.5-3.
    
    Fixes lintian: debian-changelog-has-wrong-day-of-week
    See https://lintian.debian.org/tags/debian-changelog-has-wrong-day-of-week.html for more details.

commit 532349c974037694550b3682636bb3291c23803a
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Fri Dec 27 01:39:31 2019 +0000

    Drop unnecessary dh arguments: --parallel
    
    Fixes lintian: debian-rules-uses-unnecessary-dh-argument
    See https://lintian.debian.org/tags/debian-rules-uses-unnecessary-dh-argument.html for more details.

commit 219a52497bd9e9854416c0af9470777aaa484d69
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Fri Dec 27 01:39:09 2019 +0000

    Drop unnecessary dependency on dh-autoreconf.
    
    Fixes lintian: useless-autoreconf-build-depends
    See https://lintian.debian.org/tags/useless-autoreconf-build-depends.html for more details.

commit f6d1c349e1b9f4328874d2b9bd1edcafb4232655
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Fri Dec 27 01:38:47 2019 +0000

    Set upstream metadata fields: Bug-Database, Repository, Repository-Browse.
    
    Fixes lintian: upstream-metadata-file-is-missing
    See https://lintian.debian.org/tags/upstream-metadata-file-is-missing.html for more details.

commit a7e05412fda5fef67f672f1eb8b447ddb70869bc
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Fri Dec 27 01:38:20 2019 +0000

    Bump debhelper from old 9 to 10.
    
    Fixes lintian: package-uses-old-debhelper-compat-version
    See https://lintian.debian.org/tags/package-uses-old-debhelper-compat-version.html for more details.

commit f931c4aac1bf4d31e346e0089a30de49912bdfbf
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Fri Dec 27 01:37:57 2019 +0000

    Use secure URI in Homepage field.
    
    Fixes lintian: homepage-field-uses-insecure-uri
    See https://lintian.debian.org/tags/homepage-field-uses-insecure-uri.html for more details.

commit 04fe01fb08b85ece3ea05e1a515431bba4d52f8a
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Fri Dec 27 01:37:32 2019 +0000

    Trim trailing whitespace.
    
    Fixes lintian: file-contains-trailing-whitespace
    See https://lintian.debian.org/tags/file-contains-trailing-whitespace.html for more details.

commit 1b48c190c5e23242ba2c9e98dc9a7cb47d78def1
Author: Ondřej Nový <onovy@debian.org>
Date:   Sat Jul 20 01:19:17 2019 +0200

    Use debhelper-compat instead of debian/compat

Created: 2019-07-20 Last update: 2023-09-24 07:15

debian/patches: 11 patches to forward upstream low

Among the 12 debian patches available in version 0.3.6-5 of the package, we noticed the following issues:

11 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2023-02-26 15:54

news

[rss feed]

[2019-04-14] Accepted audiofile 0.3.6-4+deb9u1 (source amd64) into proposed-updates->stable-new, proposed-updates (Moritz Mühlenhoff)
[2019-04-13] audiofile 0.3.6-5 MIGRATED to testing (Debian testing watch)
[2019-04-05] Accepted audiofile 0.3.6-5 (source) into unstable (Sebastian Ramacher)
[2017-03-29] Accepted audiofile 0.3.6-2+deb8u2 (source) into proposed-updates->stable-new, proposed-updates (Salvatore Bonaccorso)
[2017-03-23] Accepted audiofile 0.3.4-2+deb7u1 (source amd64) into oldstable (Ola Lundqvist)
[2017-03-19] audiofile 0.3.6-4 MIGRATED to testing (Debian testing watch)
[2017-03-16] Accepted audiofile 0.3.6-4 (source) into unstable (Sebastian Ramacher)
[2016-06-28] Accepted audiofile 0.3.6-2+deb8u1 (source amd64) into proposed-updates->stable-new, proposed-updates (James Cowgill)
[2016-06-17] audiofile 0.3.6-3 MIGRATED to testing (Debian testing watch)
[2016-06-14] Accepted audiofile 0.3.6-3 (source) into unstable (James Cowgill)
[2013-05-17] audiofile 0.3.6-2 MIGRATED to testing (Debian testing watch)
[2013-05-07] Accepted audiofile 0.3.6-2 (source amd64) (Alessio Treglia)
[2013-03-08] Accepted audiofile 0.3.6-1 (source amd64) (Alessio Treglia)
[2013-02-10] Accepted audiofile 0.3.5-1 (source amd64) (Alessio Treglia)
[2012-10-25] audiofile 0.3.4-2 MIGRATED to testing (Debian testing watch)
[2012-10-14] Accepted audiofile 0.3.4-2 (source amd64) (Alessio Treglia)
[2012-05-12] audiofile 0.3.4-1 MIGRATED to testing (Debian testing watch)
[2012-05-01] Accepted audiofile 0.3.4-1 (source amd64) (Alessio Treglia)
[2012-03-02] audiofile 0.3.3-3 MIGRATED to testing (Debian testing watch)
[2012-02-20] Accepted audiofile 0.3.3-3 (source amd64) (Alessio Treglia)
[2012-02-03] audiofile 0.3.3-2 MIGRATED to testing (Debian testing watch)
[2012-01-22] Accepted audiofile 0.3.3-2 (source amd64) (Alessio Treglia)
[2012-01-21] Accepted audiofile 0.3.3-1 (source amd64) (Alessio Treglia)
[2012-01-14] Accepted audiofile 0.2.7-1 (source amd64) (Alessio Treglia)
[2012-01-12] Accepted audiofile 0.3.3-1~exp1 (source amd64) (Alessio Treglia)
[2012-01-05] Accepted audiofile 0.3.2-1 (source amd64) (Alessio Treglia)
[2011-09-15] audiofile 0.2.7-0.1 MIGRATED to testing (Debian testing watch)
[2011-09-04] Accepted audiofile 0.2.7-0.1 (source amd64) (Alessio Treglia)
[2010-01-22] Accepted audiofile 0.2.6-6+etch1 (source i386) (Stefan Fritsch)
[2010-01-17] Accepted audiofile 0.2.6-7+lenny1 (source i386) (Stefan Fritsch)

bugs [bug history graph]

all: 6
RC: 0
I&N: 3
M&W: 3
F&P: 0
patch: 0

links

homepage
lintian (1, 21)
buildd: logs, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
debian patches

ubuntu

[Information about Ubuntu for Debian Developers]

version: 0.3.6-5build2
2 bugs