libsndfile - Debian Package Tracker

general

source: libsndfile (main)
version: 1.2.2-1
maintainer: Debian Multimedia Maintainers (archive) (DMD)
uploaders: IOhannes m zmölnig (Debian/GNU) [DMD]
arch: any
std-ver: 4.6.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.0.28-6+deb10u1
o-o-sec: 1.0.28-6+deb10u2
oldstable: 1.0.31-2
stable: 1.2.0-1
testing: 1.2.2-1
unstable: 1.2.2-1

versioned links

1.0.28-6+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.0.28-6+deb10u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.0.31-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.2.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.2.2-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libsndfile1 (2 bugs: 0, 2, 0, 0)
libsndfile1-dev (1 bugs: 0, 1, 0, 0)
sndfile-programs

action needed

Failed to analyze the VCS repository. Please troubleshoot and fix the issue. high

vcswatch reports that there is an error with this package's VCS, or the debian/changelog file inside it. Please check the error shown below and try to fix it. You might have to update the VCS URL in the debian/control file to point to the correct repository.

remote: GitLab is not responding fatal: unable to access 'https://salsa.debian.org/multimedia-team/libsndfile.git/': The requested URL returned error: 502

Created: 2023-10-02 Last update: 2023-10-02 14:03

2 security issues in trixie high

There are 2 open security issues in trixie.

2 important issues:

CVE-2022-33064: An off-by-one error in function wav_read_header in src/wav.c in Libsndfile 1.1.0, results in a write out of bound, which allows an attacker to execute arbitrary code, Denial of Service or other unspecified impacts.
CVE-2022-33065: Multiple signed integers overflow in function au_read_header in src/au.c and in functions mat4_open and mat4_read_header in src/mat4.c in Libsndfile, allows an attacker to cause Denial of Service or other unspecified impacts.

Created: 2023-07-22 Last update: 2023-09-14 06:31

2 security issues in sid high

There are 2 open security issues in sid.

2 important issues:

CVE-2022-33064: An off-by-one error in function wav_read_header in src/wav.c in Libsndfile 1.1.0, results in a write out of bound, which allows an attacker to execute arbitrary code, Denial of Service or other unspecified impacts.
CVE-2022-33065: Multiple signed integers overflow in function au_read_header in src/au.c and in functions mat4_open and mat4_read_header in src/mat4.c in Libsndfile, allows an attacker to cause Denial of Service or other unspecified impacts.

Created: 2023-07-22 Last update: 2023-09-14 06:31

debian/patches: 1 patch with invalid metadata high

Among the 1 debian patch available in version 1.2.2-1 of the package, we noticed the following issues:

1 patch with invalid metadata that ought to be fixed.

Created: 2023-02-26 Last update: 2023-08-31 10:00

Depends on packages which need a new maintainer normal

The packages that libsndfile depends on which need a new maintainer are:

autogen (#1010062)
- Build-Depends: autogen

Created: 2022-04-23 Last update: 2023-10-04 18:09

3 low-priority security issues in bullseye low

There are 3 open security issues in bullseye.

3 issues left for the package maintainer to handle:

CVE-2021-4156: (needs triaging) An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file (via tricking a user to open or otherwise) to an application linked with libsndfile and using the FLAC codec, could trigger an out-of-bounds read that would most likely cause a crash but could potentially leak memory information that could be used in further exploitation of other flaws.
CVE-2022-33064: (needs triaging) An off-by-one error in function wav_read_header in src/wav.c in Libsndfile 1.1.0, results in a write out of bound, which allows an attacker to execute arbitrary code, Denial of Service or other unspecified impacts.
CVE-2022-33065: (needs triaging) Multiple signed integers overflow in function au_read_header in src/au.c and in functions mat4_open and mat4_read_header in src/mat4.c in Libsndfile, allows an attacker to cause Denial of Service or other unspecified impacts.

You can find information about how to handle these issues in the security team's documentation.

Created: 2022-07-04 Last update: 2023-09-14 06:31

2 low-priority security issues in bookworm low

There are 2 open security issues in bookworm.

2 issues left for the package maintainer to handle:

CVE-2022-33064: (needs triaging) An off-by-one error in function wav_read_header in src/wav.c in Libsndfile 1.1.0, results in a write out of bound, which allows an attacker to execute arbitrary code, Denial of Service or other unspecified impacts.
CVE-2022-33065: (needs triaging) Multiple signed integers overflow in function au_read_header in src/au.c and in functions mat4_open and mat4_read_header in src/mat4.c in Libsndfile, allows an attacker to cause Denial of Service or other unspecified impacts.

You can find information about how to handle these issues in the security team's documentation.

Created: 2023-07-22 Last update: 2023-09-14 06:31

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2021-01-12 Last update: 2021-01-12 00:05

news

[rss feed]

[2023-09-02] libsndfile 1.2.2-1 MIGRATED to testing (Debian testing watch)
[2023-08-30] Accepted libsndfile 1.2.2-1 (source) into unstable (IOhannes m zmölnig (Debian/GNU)) (signed by: IOhannes m zmölnig)
[2023-01-03] libsndfile 1.2.0-1 MIGRATED to testing (Debian testing watch)
[2022-12-31] Accepted libsndfile 1.2.0-1 (source) into unstable (Dennis Braun)
[2022-10-08] libsndfile 1.1.0-3 MIGRATED to testing (Debian testing watch)
[2022-10-06] Accepted libsndfile 1.1.0-3 (source) into unstable (IOhannes m zmölnig (Debian/GNU)) (signed by: IOhannes m zmölnig)
[2022-09-29] Accepted libsndfile 1.0.28-6+deb10u2 (source) into oldstable (Thorsten Alteholz)
[2022-09-10] libsndfile 1.1.0-2 MIGRATED to testing (Debian testing watch)
[2022-09-10] libsndfile 1.1.0-2 MIGRATED to testing (Debian testing watch)
[2022-09-08] Accepted libsndfile 1.1.0-2 (source) into unstable (IOhannes m zmölnig (Debian/GNU)) (signed by: IOhannes m zmölnig)
[2022-09-06] Accepted libsndfile 1.1.0-1 (source) into unstable (IOhannes m zmölnig (Debian/GNU)) (signed by: IOhannes m zmölnig)
[2022-06-26] Accepted libsndfile 1.0.27-3+deb9u3 (source amd64) into oldoldstable (Thorsten Alteholz)
[2021-08-01] libsndfile 1.0.31-2 MIGRATED to testing (Debian testing watch)
[2021-07-31] Accepted libsndfile 1.0.28-6+deb10u1 (source amd64) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Moritz Mühlenhoff)
[2021-07-30] Accepted libsndfile 1.0.28-6+deb10u1 (source amd64) into stable->embargoed, stable (Debian FTP Masters) (signed by: Moritz Mühlenhoff)
[2021-07-29] Accepted libsndfile 1.0.27-3+deb9u2 (source amd64) into oldstable (Thorsten Alteholz)
[2021-07-26] Accepted libsndfile 1.0.31-2 (source) into unstable (Sebastian Ramacher)
[2021-02-01] libsndfile 1.0.31-1 MIGRATED to testing (Debian testing watch)
[2021-01-29] Accepted libsndfile 1.0.31-1 (source) into unstable (IOhannes m zmölnig (Debian/GNU)) (signed by: IOhannes m zmölnig)
[2021-01-14] libsndfile 1.0.30-1 MIGRATED to testing (Debian testing watch)
[2021-01-11] Accepted libsndfile 1.0.30-1 (source) into unstable (IOhannes m zmölnig (Debian/GNU)) (signed by: IOhannes m zmölnig)
[2020-10-29] Accepted libsndfile 1.0.27-3+deb9u1 (source amd64) into oldstable (Thorsten Alteholz)
[2020-05-31] libsndfile 1.0.28-8 MIGRATED to testing (Debian testing watch)
[2020-05-25] Accepted libsndfile 1.0.28-8 (source) into unstable (Mattia Rizzolo)
[2020-02-23] libsndfile 1.0.28-7 MIGRATED to testing (Debian testing watch)
[2020-02-18] Accepted libsndfile 1.0.28-7 (source) into unstable (IOhannes m zmölnig (Debian/GNU)) (signed by: IOhannes m zmölnig)
[2019-03-19] libsndfile 1.0.28-6 MIGRATED to testing (Debian testing watch)
[2019-03-13] Accepted libsndfile 1.0.25-9.1+deb8u4 (source amd64) into oldstable (Emilio Pozuelo Monfort)
[2019-03-08] Accepted libsndfile 1.0.28-6 (source) into unstable (IOhannes m zmölnig (Debian/GNU)) (signed by: IOhannes m zmölnig)
[2019-02-24] libsndfile 1.0.28-5 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 5
RC: 0
I&N: 5
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian
buildd: logs, checks, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.2.2-1
3 bugs