Register | Log in

wavpack

audio codec (lossy and lossless) - encoder and decoder

Choose email to subscribe with

general

source: wavpack (main)
version: 5.1.0-7
maintainer: Debian Multimedia Maintainers (archive) (DMD)
uploaders: Sebastian Dröge [DMD] – Sebastian Ramacher [DMD]
arch: any
std-ver: 4.4.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 4.70.0-1
oldstable: 5.0.0-2+deb9u2
old-sec: 5.0.0-2+deb9u2
stable: 5.1.0-6
testing: 5.1.0-7
unstable: 5.1.0-7

versioned links

4.70.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
5.0.0-2+deb9u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
5.1.0-6: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
5.1.0-7: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libwavpack-dev
libwavpack1
wavpack (1 bugs: 0, 0, 1, 0)

action needed

6 ignored security issues in stretch low

There are 6 open security issues in stretch.

6 issues skipped by the security teams:

CVE-2019-11498: WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack through 5.1.0 has a "Conditional jump or move depends on uninitialised value" condition, which might allow attackers to cause a denial of service (application crash) via a DFF file that lacks valid sample-rate data.
CVE-2019-1010319: WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig (wave64.c:211). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe.
CVE-2019-1010317: WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseCaffHeaderConfig (caff.c:486). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/f68a9555b548306c5b1ee45199ccdc4a16a6101b.
CVE-2019-1010315: WavPack 5.1 and earlier is affected by: CWE 369: Divide by Zero. The impact is: Divide by zero can lead to sudden crash of a software/service that tries to parse a .wav file. The component is: ParseDsdiffHeaderConfig (dsdiff.c:282). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/4c0faba32fddbd0745cbfaf1e1aeb3da5d35b9fc.
CVE-2018-19840: The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero.
CVE-2018-19841: The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted WavPack Lossless Audio file, as demonstrated by wvunpack.

Please fix them.

Created: 2018-12-04 Last update: 2019-07-23 08:18

6 ignored security issues in jessie low

There are 6 open security issues in jessie.

6 issues skipped by the security teams:

CVE-2018-19841: The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted WavPack Lossless Audio file, as demonstrated by wvunpack.
CVE-2016-10169: The read_code function in read_words.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file.
CVE-2019-1010319: WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig (wave64.c:211). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe.
CVE-2019-1010317: WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseCaffHeaderConfig (caff.c:486). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/f68a9555b548306c5b1ee45199ccdc4a16a6101b.
CVE-2019-1010315: WavPack 5.1 and earlier is affected by: CWE 369: Divide by Zero. The impact is: Divide by zero can lead to sudden crash of a software/service that tries to parse a .wav file. The component is: ParseDsdiffHeaderConfig (dsdiff.c:282). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/4c0faba32fddbd0745cbfaf1e1aeb3da5d35b9fc.
CVE-2018-19840: The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero.

Please fix them.

Created: 2017-01-29 Last update: 2019-07-23 08:18

2 ignored security issues in buster low

There are 2 open security issues in buster.

2 issues skipped by the security teams:

CVE-2019-1010319: WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig (wave64.c:211). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe.
CVE-2019-1010317: WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseCaffHeaderConfig (caff.c:486). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/f68a9555b548306c5b1ee45199ccdc4a16a6101b.

Please fix them.

Created: 2019-07-12 Last update: 2019-07-23 08:18

news

[2019-07-20] wavpack 5.1.0-7 MIGRATED to testing (Debian testing watch)
[2019-07-14] Accepted wavpack 5.1.0-7 (source) into unstable (Sebastian Ramacher)
[2019-05-04] wavpack 5.1.0-6 MIGRATED to testing (Debian testing watch)
[2019-04-28] Accepted wavpack 5.1.0-6 (source) into unstable (Sebastian Ramacher)
[2018-12-11] wavpack 5.1.0-5 MIGRATED to testing (Debian testing watch)
[2018-12-05] Accepted wavpack 5.1.0-5 (source) into unstable (Sebastian Ramacher)
[2018-08-03] wavpack 5.1.0-4 MIGRATED to testing (Debian testing watch)
[2018-07-28] Accepted wavpack 5.1.0-4 (source) into unstable (Sebastian Ramacher)
[2018-05-13] Accepted wavpack 5.0.0-2+deb9u2 (source) into proposed-updates->stable-new, proposed-updates (Moritz Muehlenhoff) (signed by: Moritz Mühlenhoff)
[2018-05-09] Accepted wavpack 5.0.0-2+deb9u2 (source) into stable->embargoed, stable (Moritz Muehlenhoff) (signed by: Moritz Mühlenhoff)
[2018-05-06] wavpack 5.1.0-3 MIGRATED to testing (Debian testing watch)
[2018-05-01] Accepted wavpack 5.1.0-3 (source) into unstable (Sebastian Ramacher)
[2018-03-02] Accepted wavpack 5.0.0-2+deb9u1 (source amd64) into proposed-updates->stable-new, proposed-updates (Sebastien Delafond)
[2018-02-27] Accepted wavpack 5.0.0-2+deb9u1 (source amd64) into stable->embargoed, stable (Sebastien Delafond)
[2017-07-15] wavpack 5.1.0-2 MIGRATED to testing (Debian testing watch)
[2017-07-09] Accepted wavpack 5.1.0-2 (source amd64) into unstable (Loïc Minier)
[2017-06-23] wavpack 5.1.0-1 MIGRATED to testing (Debian testing watch)
[2017-06-18] Accepted wavpack 5.1.0-1 (source) into unstable (Sebastian Ramacher)
[2017-02-04] wavpack 5.0.0-2 MIGRATED to testing (Debian testing watch)
[2017-01-30] Accepted wavpack 5.0.0-2 (source) into unstable (Sebastian Ramacher)
[2017-01-13] wavpack 5.0.0-1 MIGRATED to testing (Debian testing watch)
[2017-01-02] Accepted wavpack 5.0.0-1 (source) into unstable (Sebastian Ramacher)
[2016-04-11] wavpack 4.80.0-1 MIGRATED to testing (Debian testing watch)
[2016-04-05] Accepted wavpack 4.80.0-1 (source) into unstable (Sebastian Ramacher)
[2016-01-23] wavpack 4.75.2-2 MIGRATED to testing (Debian testing watch)
[2016-01-17] Accepted wavpack 4.75.2-2 (source) into unstable (Sebastian Ramacher)
[2016-01-17] Accepted wavpack 4.75.2-1 (source) into unstable (Sebastian Ramacher)
[2015-06-16] wavpack 4.75.0-1 MIGRATED to testing (Britney)
[2015-06-10] Accepted wavpack 4.75.0-1 (source amd64) into unstable (Alessio Treglia)
[2013-11-11] wavpack 4.70.0-1 MIGRATED to testing (Debian testing watch)

1
2

bugs [bug history graph]

all: 1
RC: 0
I&N: 0
M&W: 1
F&P: 0
patch: 0

links

homepage
lintian
buildd: logs, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 5.1.0-7
2 bugs

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing