Debian Package Tracker

general

source: wavpack (main)
version: 5.1.0-2
maintainer: Debian Multimedia Maintainers (archive) [DMD]
uploaders: Sebastian Dröge [DMD]
arch: any
std-ver: 4.0.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 4.60.1-3
oldstable: 4.70.0-1
stable: 5.0.0-2+deb9u1
stable-sec: 5.0.0-2+deb9u1
testing: 5.1.0-2
unstable: 5.1.0-2

versioned links

4.60.1-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.70.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
5.0.0-2+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
5.1.0-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libwavpack-dev
libwavpack1
wavpack

action needed

3 security issues in sid high

There are 3 open security issues in sid.

3 important issues:

CVE-2018-6767: A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified other impact via a maliciously crafted RF64 file.
CVE-2018-7253: The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (heap-based buffer over-read) or possibly overwrite the heap via a maliciously crafted DSDIFF file.
CVE-2018-7254: The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (global buffer over-read), or possibly trigger a buffer overflow or incorrect memory allocation, via a maliciously crafted CAF file.

Please fix them.

Created: 2018-02-07 Last update: 2018-03-21 08:01

3 security issues in buster high

There are 3 open security issues in buster.

3 important issues:

CVE-2018-6767: A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified other impact via a maliciously crafted RF64 file.
CVE-2018-7253: The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (heap-based buffer over-read) or possibly overwrite the heap via a maliciously crafted DSDIFF file.
CVE-2018-7254: The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (global buffer over-read), or possibly trigger a buffer overflow or incorrect memory allocation, via a maliciously crafted CAF file.

Please fix them.

Created: 2018-02-07 Last update: 2018-03-21 08:01

1 bug tagged patch in the BTS normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2017-12-26 Last update: 2018-04-26 02:07

3 new commits since last upload, time to release an update? normal

vcswatch reports that this package seems to have new commits in its VCS. You should consider updating the debian/changelog and uploading this new version into the archive.

Created: 2018-02-20 Last update: 2018-04-21 14:17

lintian reports 4 warnings normal

Lintian reports 4 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2017-06-19 Last update: 2018-04-14 07:57

1 ignored security issue in wheezy low

There is 1 open security issue in wheezy.

1 issue skipped by the security teams:

CVE-2016-10169: The read_code function in read_words.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file.

Please fix it.

Created: 2017-12-30 Last update: 2018-03-21 08:01

1 ignored security issue in jessie low

There is 1 open security issue in jessie.

1 issue skipped by the security teams:

CVE-2016-10169: The read_code function in read_words.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file.

Please fix it.

Created: 2017-01-29 Last update: 2018-03-21 08:01

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.1.4 instead of 4.0.0).

Created: 2018-02-28 Last update: 2018-04-16 20:49

news

[rss feed]

[2018-03-02] Accepted wavpack 5.0.0-2+deb9u1 (source amd64) into proposed-updates->stable-new, proposed-updates (Sebastien Delafond)
[2018-02-27] Accepted wavpack 5.0.0-2+deb9u1 (source amd64) into stable->embargoed, stable (Sebastien Delafond)
[2017-07-15] wavpack 5.1.0-2 MIGRATED to testing (Debian testing watch)
[2017-07-09] Accepted wavpack 5.1.0-2 (source amd64) into unstable (Loïc Minier)
[2017-06-23] wavpack 5.1.0-1 MIGRATED to testing (Debian testing watch)
[2017-06-18] Accepted wavpack 5.1.0-1 (source) into unstable (Sebastian Ramacher)
[2017-02-04] wavpack 5.0.0-2 MIGRATED to testing (Debian testing watch)
[2017-01-30] Accepted wavpack 5.0.0-2 (source) into unstable (Sebastian Ramacher)
[2017-01-13] wavpack 5.0.0-1 MIGRATED to testing (Debian testing watch)
[2017-01-02] Accepted wavpack 5.0.0-1 (source) into unstable (Sebastian Ramacher)
[2016-04-11] wavpack 4.80.0-1 MIGRATED to testing (Debian testing watch)
[2016-04-05] Accepted wavpack 4.80.0-1 (source) into unstable (Sebastian Ramacher)
[2016-01-23] wavpack 4.75.2-2 MIGRATED to testing (Debian testing watch)
[2016-01-17] Accepted wavpack 4.75.2-2 (source) into unstable (Sebastian Ramacher)
[2016-01-17] Accepted wavpack 4.75.2-1 (source) into unstable (Sebastian Ramacher)
[2015-06-16] wavpack 4.75.0-1 MIGRATED to testing (Britney)
[2015-06-10] Accepted wavpack 4.75.0-1 (source amd64) into unstable (Alessio Treglia)
[2013-11-11] wavpack 4.70.0-1 MIGRATED to testing (Debian testing watch)
[2013-10-31] Accepted wavpack 4.70.0-1 (source amd64) (Sebastian Dröge)
[2012-04-12] wavpack 4.60.1-3 MIGRATED to testing (Debian testing watch)
[2012-04-01] Accepted wavpack 4.60.1-3 (source amd64) (Alessio Treglia)
[2011-12-16] wavpack 4.60.1-2 MIGRATED to testing (Debian testing watch)
[2011-12-05] Accepted wavpack 4.60.1-2 (source amd64) (Alessio Treglia)
[2009-12-14] wavpack 4.60.1-1 MIGRATED to testing (Debian testing watch)
[2009-12-03] Accepted wavpack 4.60.1-1 (source amd64) (Sebastian Dröge)
[2009-10-15] wavpack 4.60.0-1 MIGRATED to testing (Debian testing watch)
[2009-10-05] Accepted wavpack 4.60.0-1 (source amd64) (Sebastian Dröge)
[2008-07-29] wavpack 4.50.1-1 MIGRATED to testing (Debian testing watch)
[2008-07-18] Accepted wavpack 4.50.1-1 (source i386) (Sebastian Dröge)
[2008-07-10] wavpack 4.50.0-1 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 6
RC: 3
I&N: 2
M&W: 1
F&P: 0

links

homepage
lintian (0, 4)
buildd: logs, clang, reproducibility
popcon
browse source code
edit tags
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 5.1.0-2ubuntu1
2 bugs
patches for 5.1.0-2ubuntu1