This bug was fixed in the package audiofile - 0.3.6-3ubuntu0.1 --------------- audiofile (0.3.6-3ubuntu0.1) yakkety-security; urgency=high
* SECURITY UPDATE: multiple vulnerabilities (LP: #1674005) - Apply patches from Debian 0.3.6-4: + 04_clamp-index-values-to-fix-index-overflow-in-IMA.cpp.patch + 05_Always-check-the-number-of-coefficients.patch + 06_Check-for-multiplication-overflow-in-MSADPCM-decodeSam.patch + 07_Check-for-multiplication-overflow-in-sfconvert.patch + 08_Fix-signature-of-multiplyCheckOverflow.-It-returns-a-b.patch + 09_Actually-fail-when-error-occurs-in-parseFormat.patch + 10_Check-for-division-by-zero-in-BlockCodec-runPull.patch - CVE-2017-6827, CVE-2017-6828, CVE-2017-6829, CVE-2017-6830, CVE-2017-6831, CVE-2017-6832, CVE-2017-6833, CVE-2017-6834, CVE-2017-6835, CVE-2017-6836, CVE-2017-6837, CVE-2017-6838, CVE-2017-6839 -- Jeremy Bicha <jbi...@ubuntu.com> Thu, 16 Mar 2017 21:43:45 +0100 ** Changed in: audiofile (Ubuntu Yakkety) Status: New => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1674005 Title: audiofile: Multiple security issues from March 2017 Status in audiofile package in Ubuntu: Fix Released Status in audiofile source package in Precise: Fix Released Status in audiofile source package in Trusty: Fix Released Status in audiofile source package in Xenial: Fix Released Status in audiofile source package in Yakkety: Fix Released Bug description: https://security-tracker.debian.org/tracker/source-package/audiofile http://openwall.com/lists/oss-security/2017/02/26/ https://github.com/mpruett/audiofile/issues/32 https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-msadpcminitializecoefficients-msadpcm-cpp https://github.com/mpruett/audiofile/commit/c48e4c6503 Fixed in Debian unstable 0.3.6-4 and synced to zesty. debdiffs attached for 14.04 LTS and up. For 12.04 LTS, audiofile was in main so someone should probably try to apply the patches there too. I've done no testing of these packages. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/audiofile/+bug/1674005/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp