Source: libsndfile
Version: 1.0.27-1
Severity: important
Tags: security upstream
Control: found -1 1.0.27-2

Hi,

the following vulnerability was published for libsndfile.

CVE-2017-7742[0]:
| In libsndfile before 1.0.28, an error in the "flac_buffer_copy()"
| function (flac.c) can be exploited to cause a segmentation violation
| (with read memory access) via a specially crafted FLAC file during a
| resample attempt, a similar issue to CVE-2017-7585.

Note that this is not the same as CVE-2017-7742, which is for the
invalid memory write in flac_buffer_copy function which seems addressed
with the patches applied in 1.0.27-2 already (unless I'm wrong, please
double-check).

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-7742
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7742

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore