Debian Package Tracker
Register | Log in
Subscribe

libsndfile

Choose email to subscribe with

general
  • source: libsndfile (main)
  • version: 1.2.2-1
  • maintainer: Debian Multimedia Maintainers (archive) (DMD)
  • uploaders: IOhannes m zmölnig (Debian/GNU) [DMD]
  • arch: any
  • std-ver: 4.6.2
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 1.0.28-6+deb10u1
  • o-o-sec: 1.0.28-6+deb10u2
  • oldstable: 1.0.31-2
  • stable: 1.2.0-1
  • testing: 1.2.2-1
  • unstable: 1.2.2-1
versioned links
  • 1.0.28-6+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.0.28-6+deb10u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.0.31-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.2.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.2.2-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • libsndfile1 (2 bugs: 0, 2, 0, 0)
  • libsndfile1-dev (1 bugs: 0, 1, 0, 0)
  • sndfile-programs
action needed
Failed to analyze the VCS repository. Please troubleshoot and fix the issue. high
vcswatch reports that there is an error with this package's VCS, or the debian/changelog file inside it. Please check the error shown below and try to fix it. You might have to update the VCS URL in the debian/control file to point to the correct repository.

remote: GitLab is not responding fatal: unable to access 'https://salsa.debian.org/multimedia-team/libsndfile.git/': The requested URL returned error: 502
Created: 2023-10-02 Last update: 2023-10-02 14:03
2 security issues in trixie high

There are 2 open security issues in trixie.

2 important issues:
  • CVE-2022-33064: An off-by-one error in function wav_read_header in src/wav.c in Libsndfile 1.1.0, results in a write out of bound, which allows an attacker to execute arbitrary code, Denial of Service or other unspecified impacts.
  • CVE-2022-33065: Multiple signed integers overflow in function au_read_header in src/au.c and in functions mat4_open and mat4_read_header in src/mat4.c in Libsndfile, allows an attacker to cause Denial of Service or other unspecified impacts.
Created: 2023-07-22 Last update: 2023-09-14 06:31
2 security issues in sid high

There are 2 open security issues in sid.

2 important issues:
  • CVE-2022-33064: An off-by-one error in function wav_read_header in src/wav.c in Libsndfile 1.1.0, results in a write out of bound, which allows an attacker to execute arbitrary code, Denial of Service or other unspecified impacts.
  • CVE-2022-33065: Multiple signed integers overflow in function au_read_header in src/au.c and in functions mat4_open and mat4_read_header in src/mat4.c in Libsndfile, allows an attacker to cause Denial of Service or other unspecified impacts.
Created: 2023-07-22 Last update: 2023-09-14 06:31
debian/patches: 1 patch with invalid metadata high

Among the 1 debian patch available in version 1.2.2-1 of the package, we noticed the following issues:

  • 1 patch with invalid metadata that ought to be fixed.
Created: 2023-02-26 Last update: 2023-08-31 10:00
Depends on packages which need a new maintainer normal
The packages that libsndfile depends on which need a new maintainer are:
  • autogen (#1010062)
    • Build-Depends: autogen
Created: 2022-04-23 Last update: 2023-10-04 18:09
3 low-priority security issues in bullseye low

There are 3 open security issues in bullseye.

3 issues left for the package maintainer to handle:
  • CVE-2021-4156: (needs triaging) An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file (via tricking a user to open or otherwise) to an application linked with libsndfile and using the FLAC codec, could trigger an out-of-bounds read that would most likely cause a crash but could potentially leak memory information that could be used in further exploitation of other flaws.
  • CVE-2022-33064: (needs triaging) An off-by-one error in function wav_read_header in src/wav.c in Libsndfile 1.1.0, results in a write out of bound, which allows an attacker to execute arbitrary code, Denial of Service or other unspecified impacts.
  • CVE-2022-33065: (needs triaging) Multiple signed integers overflow in function au_read_header in src/au.c and in functions mat4_open and mat4_read_header in src/mat4.c in Libsndfile, allows an attacker to cause Denial of Service or other unspecified impacts.

You can find information about how to handle these issues in the security team's documentation.

Created: 2022-07-04 Last update: 2023-09-14 06:31
2 low-priority security issues in bookworm low

There are 2 open security issues in bookworm.

2 issues left for the package maintainer to handle:
  • CVE-2022-33064: (needs triaging) An off-by-one error in function wav_read_header in src/wav.c in Libsndfile 1.1.0, results in a write out of bound, which allows an attacker to execute arbitrary code, Denial of Service or other unspecified impacts.
  • CVE-2022-33065: (needs triaging) Multiple signed integers overflow in function au_read_header in src/au.c and in functions mat4_open and mat4_read_header in src/mat4.c in Libsndfile, allows an attacker to cause Denial of Service or other unspecified impacts.

You can find information about how to handle these issues in the security team's documentation.

Created: 2023-07-22 Last update: 2023-09-14 06:31
Build log checks report 1 warning low
Build log checks report 1 warning
Created: 2021-01-12 Last update: 2021-01-12 00:05
news
[rss feed]
  • [2023-09-02] libsndfile 1.2.2-1 MIGRATED to testing (Debian testing watch)
  • [2023-08-30] Accepted libsndfile 1.2.2-1 (source) into unstable (IOhannes m zmölnig (Debian/GNU)) (signed by: IOhannes m zmölnig)
  • [2023-01-03] libsndfile 1.2.0-1 MIGRATED to testing (Debian testing watch)
  • [2022-12-31] Accepted libsndfile 1.2.0-1 (source) into unstable (Dennis Braun)
  • [2022-10-08] libsndfile 1.1.0-3 MIGRATED to testing (Debian testing watch)
  • [2022-10-06] Accepted libsndfile 1.1.0-3 (source) into unstable (IOhannes m zmölnig (Debian/GNU)) (signed by: IOhannes m zmölnig)
  • [2022-09-29] Accepted libsndfile 1.0.28-6+deb10u2 (source) into oldstable (Thorsten Alteholz)
  • [2022-09-10] libsndfile 1.1.0-2 MIGRATED to testing (Debian testing watch)
  • [2022-09-10] libsndfile 1.1.0-2 MIGRATED to testing (Debian testing watch)
  • [2022-09-08] Accepted libsndfile 1.1.0-2 (source) into unstable (IOhannes m zmölnig (Debian/GNU)) (signed by: IOhannes m zmölnig)
  • [2022-09-06] Accepted libsndfile 1.1.0-1 (source) into unstable (IOhannes m zmölnig (Debian/GNU)) (signed by: IOhannes m zmölnig)
  • [2022-06-26] Accepted libsndfile 1.0.27-3+deb9u3 (source amd64) into oldoldstable (Thorsten Alteholz)
  • [2021-08-01] libsndfile 1.0.31-2 MIGRATED to testing (Debian testing watch)
  • [2021-07-31] Accepted libsndfile 1.0.28-6+deb10u1 (source amd64) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Moritz Mühlenhoff)
  • [2021-07-30] Accepted libsndfile 1.0.28-6+deb10u1 (source amd64) into stable->embargoed, stable (Debian FTP Masters) (signed by: Moritz Mühlenhoff)
  • [2021-07-29] Accepted libsndfile 1.0.27-3+deb9u2 (source amd64) into oldstable (Thorsten Alteholz)
  • [2021-07-26] Accepted libsndfile 1.0.31-2 (source) into unstable (Sebastian Ramacher)
  • [2021-02-01] libsndfile 1.0.31-1 MIGRATED to testing (Debian testing watch)
  • [2021-01-29] Accepted libsndfile 1.0.31-1 (source) into unstable (IOhannes m zmölnig (Debian/GNU)) (signed by: IOhannes m zmölnig)
  • [2021-01-14] libsndfile 1.0.30-1 MIGRATED to testing (Debian testing watch)
  • [2021-01-11] Accepted libsndfile 1.0.30-1 (source) into unstable (IOhannes m zmölnig (Debian/GNU)) (signed by: IOhannes m zmölnig)
  • [2020-10-29] Accepted libsndfile 1.0.27-3+deb9u1 (source amd64) into oldstable (Thorsten Alteholz)
  • [2020-05-31] libsndfile 1.0.28-8 MIGRATED to testing (Debian testing watch)
  • [2020-05-25] Accepted libsndfile 1.0.28-8 (source) into unstable (Mattia Rizzolo)
  • [2020-02-23] libsndfile 1.0.28-7 MIGRATED to testing (Debian testing watch)
  • [2020-02-18] Accepted libsndfile 1.0.28-7 (source) into unstable (IOhannes m zmölnig (Debian/GNU)) (signed by: IOhannes m zmölnig)
  • [2019-03-19] libsndfile 1.0.28-6 MIGRATED to testing (Debian testing watch)
  • [2019-03-13] Accepted libsndfile 1.0.25-9.1+deb8u4 (source amd64) into oldstable (Emilio Pozuelo Monfort)
  • [2019-03-08] Accepted libsndfile 1.0.28-6 (source) into unstable (IOhannes m zmölnig (Debian/GNU)) (signed by: IOhannes m zmölnig)
  • [2019-02-24] libsndfile 1.0.28-5 MIGRATED to testing (Debian testing watch)
  • 1
  • 2
bugs [bug history graph]
  • all: 5
  • RC: 0
  • I&N: 5
  • M&W: 0
  • F&P: 0
  • patch: 0
links
  • homepage
  • lintian
  • buildd: logs, checks, reproducibility, cross
  • popcon
  • browse source code
  • edit tags
  • other distros
  • security tracker
  • debian patches
  • debci
ubuntu Ubuntu logo [Information about Ubuntu for Debian Developers]
  • version: 1.2.2-1
  • 3 bugs

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing