
fix for CVE-2021-4156



Hi everybody,

In case you are interested, attached are debdiffs to fix CVE-2021-4156 in Unstable, Bullseye and Buster. If you think this is worth fixing, you can either use these debdiffs yourself or tell me to do the upload.

The CVE is marked as no-dsa by the security team, so the upload for Bullseye and Buster needs to go through PU ...

  Thorsten
diff -Nru libsndfile-1.0.28/debian/changelog libsndfile-1.0.28/debian/changelog
--- libsndfile-1.0.28/debian/changelog	2021-07-30 00:14:25.000000000 +0200
+++ libsndfile-1.0.28/debian/changelog	2022-06-25 22:03:02.000000000 +0200
@@ -1,3 +1,11 @@
+libsndfile (1.0.28-6+deb10u2) buster; urgency=medium
+
+  * Non-maintainer upload by the LTS Team.
+  * CVE-2021-4156
+    heap out-of-bounds read
+
+ -- Thorsten Alteholz <debian@alteholz.de>  Sat, 25 Jun 2022 22:03:02 +0200
+
 libsndfile (1.0.28-6+deb10u1) buster-security; urgency=medium
 
   * CVE-021-3246 (Closes: #991496)
diff -Nru libsndfile-1.0.28/debian/patches/CVE-2021-4156.patch libsndfile-1.0.28/debian/patches/CVE-2021-4156.patch
--- libsndfile-1.0.28/debian/patches/CVE-2021-4156.patch	1970-01-01 01:00:00.000000000 +0100
+++ libsndfile-1.0.28/debian/patches/CVE-2021-4156.patch	2022-06-25 22:03:02.000000000 +0200
@@ -0,0 +1,22 @@
+commit ced91d7b971be6173b604154c39279ce90ad87cc
+Author: yuan <ssspeed00@gmail.com>
+Date:   Tue Apr 20 16:16:32 2021 +0800
+
+    flac: Fix improper buffer reusing (#732)
+
+Index: libsndfile-1.0.28/src/flac.c
+===================================================================
+--- libsndfile-1.0.28.orig/src/flac.c	2022-01-26 15:18:31.287793980 +0100
++++ libsndfile-1.0.28/src/flac.c	2022-01-26 15:18:31.283793984 +0100
+@@ -945,7 +945,11 @@
+ 	/* Decode some more. */
+ 	while (pflac->pos < pflac->len)
+ 	{	if (FLAC__stream_decoder_process_single (pflac->fsd) == 0)
++		{	psf_log_printf (psf, "FLAC__stream_decoder_process_single returned false\n") ;
++			/* Current frame is busted, so NULL the pointer. */
++			pflac->frame = NULL ;
+ 			break ;
++			} ;
+ 		state = FLAC__stream_decoder_get_state (pflac->fsd) ;
+ 		if (state >= FLAC__STREAM_DECODER_END_OF_STREAM)
+ 		{	psf_log_printf (psf, "FLAC__stream_decoder_get_state returned %s\n", FLAC__StreamDecoderStateString [state]) ;
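Review bot: Setting `pflac->frame = NULL ;` on a failed `FLAC__stream_decoder_process_single` call is only safe if every later reader of `pflac->frame` checks for NULL, and that cannot be confirmed from this hunk because the function body continues outside it. This copy of the patch was refreshed against 1.0.28 (the hunk sits at line 945, not 948 as in the 1.0.31 copies), so the readers in that older `src/flac.c` should be checked before upload. Without such a guard, the out-of-bounds read would presumably become a NULL dereference on the same malformed input. The debdiff includes no regression test; decoding a truncated FLAC file under AddressSanitizer would cover both outcomes.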
diff -Nru libsndfile-1.0.28/debian/patches/series libsndfile-1.0.28/debian/patches/series
--- libsndfile-1.0.28/debian/patches/series	2021-07-30 00:14:25.000000000 +0200
+++ libsndfile-1.0.28/debian/patches/series	2022-06-25 22:03:02.000000000 +0200
@@ -11,3 +11,5 @@
 src-wav.c-Fix-heap-read-overflow.patch
 Check-MAX_CHANNELS-in-sndfile-deinterleave.patch
 CVE-2021-3246.patch
+
+CVE-2021-4156.patch
diff -Nru libsndfile-1.0.31/debian/changelog libsndfile-1.0.31/debian/changelog
--- libsndfile-1.0.31/debian/changelog	2021-07-26 23:09:17.000000000 +0200
+++ libsndfile-1.0.31/debian/changelog	2022-06-25 22:03:02.000000000 +0200
@@ -1,3 +1,11 @@
+libsndfile (1.0.31-2+deb11u1) bullseye; urgency=medium
+
+  * Non-maintainer upload by the LTS Team.
+  * CVE-2021-4156
+    heap out-of-bounds read
+
+ -- Thorsten Alteholz <debian@alteholz.de>  Sat, 25 Jun 2022 22:03:02 +0200
+
 libsndfile (1.0.31-2) unstable; urgency=medium
 
   * Team upload
diff -Nru libsndfile-1.0.31/debian/patches/CVE-2021-4156.patch libsndfile-1.0.31/debian/patches/CVE-2021-4156.patch
--- libsndfile-1.0.31/debian/patches/CVE-2021-4156.patch	1970-01-01 01:00:00.000000000 +0100
+++ libsndfile-1.0.31/debian/patches/CVE-2021-4156.patch	2022-06-25 22:03:02.000000000 +0200
@@ -0,0 +1,22 @@
+commit ced91d7b971be6173b604154c39279ce90ad87cc
+Author: yuan <ssspeed00@gmail.com>
+Date:   Tue Apr 20 16:16:32 2021 +0800
+
+    flac: Fix improper buffer reusing (#732)
+
+diff --git a/src/flac.c b/src/flac.c
+index 64d0172e..e3320450 100644
+--- a/src/flac.c
++++ b/src/flac.c
+@@ -948,7 +948,11 @@ flac_read_loop (SF_PRIVATE *psf, unsigned len)
+ 	/* Decode some more. */
+ 	while (pflac->pos < pflac->len)
+ 	{	if (FLAC__stream_decoder_process_single (pflac->fsd) == 0)
++		{	psf_log_printf (psf, "FLAC__stream_decoder_process_single returned false\n") ;
++			/* Current frame is busted, so NULL the pointer. */
++			pflac->frame = NULL ;
+ 			break ;
++			} ;
+ 		state = FLAC__stream_decoder_get_state (pflac->fsd) ;
+ 		if (state >= FLAC__STREAM_DECODER_END_OF_STREAM)
+ 		{	psf_log_printf (psf, "FLAC__stream_decoder_get_state returned %s\n", FLAC__StreamDecoderStateString [state]) ;
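Review bot: The comment added before `pflac->frame = NULL ;` says what the line does but not why it matters. Going by the commit title and the changelog entry, the point is presumably that a frame left over from before the failed decode must not be reused for a later buffer copy. I would expand it to something like `/* Decode failed: drop the frame pointer so stale frame data is not reused (CVE-2021-4156). */`. The same comment applies to the identical hunk in the unstable debdiff further down and to the 1.0.28 backport above. `flac_read_loop` starts and ends outside the hunk.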
diff -Nru libsndfile-1.0.31/debian/patches/series libsndfile-1.0.31/debian/patches/series
--- libsndfile-1.0.31/debian/patches/series	2021-07-26 23:08:08.000000000 +0200
+++ libsndfile-1.0.31/debian/patches/series	2022-06-25 22:03:02.000000000 +0200
@@ -1,2 +1,4 @@
 fix_typos.patch
 0002-ms_adpcm-Fix-and-extend-size-checks.patch
+
+CVE-2021-4156.patch
diff -Nru libsndfile-1.0.31/debian/changelog libsndfile-1.0.31/debian/changelog
--- libsndfile-1.0.31/debian/changelog	2021-07-26 23:09:17.000000000 +0200
+++ libsndfile-1.0.31/debian/changelog	2022-06-25 18:03:02.000000000 +0200
@@ -1,3 +1,11 @@
+libsndfile (1.0.31-2.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * CVE-2021-4156
+    heap out-of-bounds read
+
+ -- Thorsten Alteholz <debian@alteholz.de>  Sat, 25 Jun 2022 18:03:02 +0200
+
 libsndfile (1.0.31-2) unstable; urgency=medium
 
   * Team upload
diff -Nru libsndfile-1.0.31/debian/patches/CVE-2021-4156.patch libsndfile-1.0.31/debian/patches/CVE-2021-4156.patch
--- libsndfile-1.0.31/debian/patches/CVE-2021-4156.patch	1970-01-01 01:00:00.000000000 +0100
+++ libsndfile-1.0.31/debian/patches/CVE-2021-4156.patch	2022-06-25 18:03:02.000000000 +0200
@@ -0,0 +1,22 @@
+commit ced91d7b971be6173b604154c39279ce90ad87cc
+Author: yuan <ssspeed00@gmail.com>
+Date:   Tue Apr 20 16:16:32 2021 +0800
+
+    flac: Fix improper buffer reusing (#732)
+
+diff --git a/src/flac.c b/src/flac.c
+index 64d0172e..e3320450 100644
+--- a/src/flac.c
++++ b/src/flac.c
+@@ -948,7 +948,11 @@ flac_read_loop (SF_PRIVATE *psf, unsigned len)
+ 	/* Decode some more. */
+ 	while (pflac->pos < pflac->len)
+ 	{	if (FLAC__stream_decoder_process_single (pflac->fsd) == 0)
++		{	psf_log_printf (psf, "FLAC__stream_decoder_process_single returned false\n") ;
++			/* Current frame is busted, so NULL the pointer. */
++			pflac->frame = NULL ;
+ 			break ;
++			} ;
+ 		state = FLAC__stream_decoder_get_state (pflac->fsd) ;
+ 		if (state >= FLAC__STREAM_DECODER_END_OF_STREAM)
+ 		{	psf_log_printf (psf, "FLAC__stream_decoder_get_state returned %s\n", FLAC__StreamDecoderStateString [state]) ;
diff -Nru libsndfile-1.0.31/debian/patches/series libsndfile-1.0.31/debian/patches/series
--- libsndfile-1.0.31/debian/patches/series	2021-07-26 23:08:08.000000000 +0200
+++ libsndfile-1.0.31/debian/patches/series	2022-06-25 18:03:02.000000000 +0200
@@ -1,2 +1,4 @@
 fix_typos.patch
 0002-ms_adpcm-Fix-and-extend-size-checks.patch
+
+CVE-2021-4156.patch
