Debian Package Tracker
Register | Log in
Subscribe

wavpack

audio codec (lossy and lossless) - encoder and decoder

Choose email to subscribe with

general
  • source: wavpack (main)
  • version: 5.4.0-1
  • maintainer: Debian Multimedia Maintainers (archive) (DMD)
  • uploaders: Sebastian Dröge [DMD] – Sebastian Ramacher [DMD]
  • arch: any
  • std-ver: 4.5.1
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • oldstable: 5.0.0-2+deb9u2
  • old-sec: 5.0.0-2+deb9u3
  • stable: 5.1.0-6
  • testing: 5.4.0-1
  • unstable: 5.4.0-1
versioned links
  • 5.0.0-2+deb9u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 5.0.0-2+deb9u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 5.1.0-6: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 5.4.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • libwavpack-dev
  • libwavpack1
  • wavpack (1 bugs: 0, 0, 1, 0)
action needed
3 low-priority security issues in buster low

There are 3 open security issues in buster.

3 issues left for the package maintainer to handle:
  • CVE-2019-1010317: (needs triaging) WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseCaffHeaderConfig (caff.c:486). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/f68a9555b548306c5b1ee45199ccdc4a16a6101b.
  • CVE-2019-1010319: (needs triaging) WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig (wave64.c:211). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe.
  • CVE-2020-35738: (needs triaging) WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. NOTE: some third-parties claim that there are later "unofficial" releases through 5.3.2, which are also affected.

You can find information about how to handle these issues in the security team's documentation.

Created: 2021-02-19 Last update: 2021-03-21 19:04
news
[rss feed]
  • [2021-01-26] wavpack 5.4.0-1 MIGRATED to testing (Debian testing watch)
  • [2021-01-20] Accepted wavpack 5.4.0-1 (source) into unstable (Sebastian Ramacher)
  • [2021-01-15] Accepted wavpack 5.0.0-2+deb9u3 (source amd64) into oldstable (Utkarsh Gupta)
  • [2021-01-04] wavpack 5.3.0-2 MIGRATED to testing (Debian testing watch)
  • [2020-12-30] Accepted wavpack 5.3.0-2 (source) into unstable (Sebastian Ramacher)
  • [2020-04-27] wavpack 5.3.0-1 MIGRATED to testing (Debian testing watch)
  • [2020-04-21] Accepted wavpack 5.3.0-1 (source) into unstable (Sebastian Ramacher)
  • [2020-01-05] wavpack 5.2.0-1 MIGRATED to testing (Debian testing watch)
  • [2019-12-31] Accepted wavpack 5.2.0-1 (source) into unstable (Sebastian Ramacher)
  • [2019-07-20] wavpack 5.1.0-7 MIGRATED to testing (Debian testing watch)
  • [2019-07-14] Accepted wavpack 5.1.0-7 (source) into unstable (Sebastian Ramacher)
  • [2019-05-04] wavpack 5.1.0-6 MIGRATED to testing (Debian testing watch)
  • [2019-04-28] Accepted wavpack 5.1.0-6 (source) into unstable (Sebastian Ramacher)
  • [2018-12-11] wavpack 5.1.0-5 MIGRATED to testing (Debian testing watch)
  • [2018-12-05] Accepted wavpack 5.1.0-5 (source) into unstable (Sebastian Ramacher)
  • [2018-08-03] wavpack 5.1.0-4 MIGRATED to testing (Debian testing watch)
  • [2018-07-28] Accepted wavpack 5.1.0-4 (source) into unstable (Sebastian Ramacher)
  • [2018-05-13] Accepted wavpack 5.0.0-2+deb9u2 (source) into proposed-updates->stable-new, proposed-updates (Moritz Muehlenhoff) (signed by: Moritz Mühlenhoff)
  • [2018-05-09] Accepted wavpack 5.0.0-2+deb9u2 (source) into stable->embargoed, stable (Moritz Muehlenhoff) (signed by: Moritz Mühlenhoff)
  • [2018-05-06] wavpack 5.1.0-3 MIGRATED to testing (Debian testing watch)
  • [2018-05-01] Accepted wavpack 5.1.0-3 (source) into unstable (Sebastian Ramacher)
  • [2018-03-02] Accepted wavpack 5.0.0-2+deb9u1 (source amd64) into proposed-updates->stable-new, proposed-updates (Sebastien Delafond)
  • [2018-02-27] Accepted wavpack 5.0.0-2+deb9u1 (source amd64) into stable->embargoed, stable (Sebastien Delafond)
  • [2017-07-15] wavpack 5.1.0-2 MIGRATED to testing (Debian testing watch)
  • [2017-07-09] Accepted wavpack 5.1.0-2 (source amd64) into unstable (Loïc Minier)
  • [2017-06-23] wavpack 5.1.0-1 MIGRATED to testing (Debian testing watch)
  • [2017-06-18] Accepted wavpack 5.1.0-1 (source) into unstable (Sebastian Ramacher)
  • [2017-02-04] wavpack 5.0.0-2 MIGRATED to testing (Debian testing watch)
  • [2017-01-30] Accepted wavpack 5.0.0-2 (source) into unstable (Sebastian Ramacher)
  • [2017-01-13] wavpack 5.0.0-1 MIGRATED to testing (Debian testing watch)
  • 1
  • 2
bugs [bug history graph]
  • all: 1
  • RC: 0
  • I&N: 0
  • M&W: 1
  • F&P: 0
  • patch: 0
links
  • homepage
  • lintian
  • buildd: logs, clang, reproducibility, cross
  • popcon
  • browse source code
  • edit tags
  • other distros
  • security tracker
  • screenshots
ubuntu Ubuntu logo [Information about Ubuntu for Debian Developers]
  • version: 5.4.0-1
  • 2 bugs

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing