Hi Balint, On 31/01/17 21:46, Balint Reczey wrote: > Log: > wavpack's issues don't affect wheezy > > The first part of the upstream patch is not needed since the > code is very different and not vulnerable. > The second part applies, but does not make any difference when > trying the exploits. Tested with valgrind on Wheezy.
These issues were found with address sanitizer, so I don't think checking with valgrind is enough (it's not the same). May be worth checking with asan (it should be available in wheezy's llvm 3.1). Cheers, Emilio