[SECURITY] [DLA 3650-1] audiofile security update

To: <rouca@debian.org>,<debian-lts-announce@lists.debian.org>
Subject: [SECURITY] [DLA 3650-1] audiofile security update
From: Bastien Roucaries <rouca@debian.org>
Date: Sun, 12 Nov 2023 21:53:50 +0000
Message-id: <[🔎] ac23f802e55804cd17d7d837c0a9edd5.rouca@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3650-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                   Bastien RoucariÃ¨s
November 12, 2023                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : audiofile
Version        : 0.3.6-5+deb10u1
CVE ID         : CVE-2019-13147 CVE-2022-24599
Debian Bug     : 931343 1008017

The audiofile library allows the processing of audio data to and
from audio files of many common formats (currently AIFF, AIFF-C,
WAVE, NeXT/Sun, BICS, and raw data).

CVE-2019-13147

    Audiofile was vulnerable due to an integer overflow.
    Bail out early if NeXT audio files include too many channels.
    
CVE-2022-24599

    A memory leak was found due to reading not null
    terminated copyright field. Preallocate zeroed memory and
    always NUL terminates C strings.

For Debian 10 buster, these problems have been fixed in version
0.3.6-5+deb10u1.

We recommend that you upgrade your audiofile packages.

For the detailed security status of audiofile please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/audiofile

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQJFBAEBCgAvFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmVRSW4RHHJvdWNhQGRl
Ymlhbi5vcmcACgkQADoaLapBCF/tnxAAlLLTE3hwj91FsZaJ50XLEA5/NJKp+nLI
RiF6TZmJ/Muju/3pt4hEE8SDyCcYAbCDiP9JKyve+x8U+8fF1HbrQTQ7Ytq1mPRE
knI81K1rKRX0NoUXgNSR0ZPUnCGqb521xI7ZvcgMCJSK6TAiqoTy/dIKws0DwBcb
txt85gMU8I75V48IeUC4sx5ono6dosjFsCa45rsteQCsSy9k2aci94FaKv6jf4o2
Ye7gaUdTDSCoSIQdR810hSY2t+Cj+4+LkAd+SHMqm4hEbh+8AQNVfolHGKpD9lYO
qzdV1dCi5mF5W4XWqJpA3xgY9JHZIRv/1wjWTIuJUARxtTrzH9505kGtxTz2Z9K9
+f8ML2BhTem+i19ahSxRo2buKIp0Ybi71ZxtkGtBgNTSVAAJ0wo52ItX1xGnWRrh
BfJRmpuSNC/XG6+ihXsEebjiGger1QioHfBXeGW192Sg5wUwLPHuo2IjCdbubn+G
g4qVk+RpHBKQbWPGQcdPCOqynj9omb6JUbopNFRvH1wEVAwMcJP+ZSP07/xarboF
m68NWnQvqmhrnYXV0YW5Q903iWVRdsDpTLoD90GUQdPfkf5h0hOQoasfVK8P4Z0j
r+fur0nK97FpyDWHaexXcEFfQ3UaOqdh2FjGzfdul4hq1sth2ja5CQKe8P4wk55o
5YG3nSy3XvY=
=3Hfd
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3649-1] python-urllib3 security update
Next by Date: [SECURITY] [DLA 3651-1] postgresql-11 security update
Previous by thread: [SECURITY] [DLA 3649-1] python-urllib3 security update
Next by thread: [SECURITY] [DLA 3651-1] postgresql-11 security update
Index(es):
- Date
- Thread