Hello community,

here is the log from the commit of package libsndfile for openSUSE:Factory checked in at 2018-07-13 10:16:48
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libsndfile (Old)
 and      /work/SRC/openSUSE:Factory/.libsndfile.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libsndfile" Fri Jul 13 10:16:48 2018 rev:55 rq:621331 version:1.0.28 Changes: -------- --- /work/SRC/openSUSE:Factory/libsndfile/libsndfile.changes 2018-06-15 14:33:51.239603159 +0200 +++ /work/SRC/openSUSE:Factory/.libsndfile.new/libsndfile.changes 2018-07-13 10:16:53.430136861 +0200 @@ -1,0 +2,7 @@ +Fri Jul 6 14:11:47 CEST 2018 - ti...@suse.de + +- Fix buffer overflow in sndfile-deinterlace, which isn't really a + security issue (bsc#1100167, CVE-2018-13139): + sndfile-deinterlace-channels-check.patch + +------------------------------------------------------------------- New: ---- sndfile-deinterlace-channels-check.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libsndfile.spec ++++++ --- /var/tmp/diff_new_pack.yHVOAL/_old 2018-07-13 10:16:54.634138287 +0200 +++ /var/tmp/diff_new_pack.yHVOAL/_new 2018-07-13 10:16:54.634138287 +0200 @@ -39,6 +39,7 @@ # not yet upstreamed Patch32: libsndfile-CVE-2017-17456-alaw-range-check.patch Patch33: libsndfile-CVE-2017-17457-ulaw-range-check.patch +Patch34: sndfile-deinterlace-channels-check.patch # PATCH-FIX-OPENSUSE Patch100: sndfile-ocloexec.patch BuildRequires: alsa-devel @@ -94,6 +95,7 @@ %patch31 -p1 %patch32 -p1 %patch33 -p1 +%patch34 -p1 %patch100 -p1 %build ++++++ sndfile-deinterlace-channels-check.patch ++++++ diff --git a/programs/sndfile-deinterleave.c b/programs/sndfile-deinterleave.c index 5366031075ab..712cb96cda76 100644 --- a/programs/sndfile-deinterleave.c +++ b/programs/sndfile-deinterleave.c @@ -89,6 +89,11 @@ main (int argc, char **argv) exit (1) ; } ; + if (sfinfo.channels > MAX_CHANNELS) + { printf ("\nError : Too many channels %d in input file '%s'.\n", sfinfo.channels, argv[1]) ; + exit (1) ; + } + state.channels = sfinfo.channels ; sfinfo.channels = 1 ;
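Review bot: the new patch is named sndfile-deinterlace-channels-check.patch, but the file it modifies is programs/sndfile-deinterleave.c, so the name ("deinterlace") does not match the program ("deinterleave"); if the file name is still changeable, renaming it (together with the Patch34 and %patch34 references in libsndfile.spec) to sndfile-deinterleave-channels-check.patch would make the bsc#1100167 / CVE-2018-13139 entry easier to locate later. The changelog's statement that the overflow "isn't really a security issue" would be more verifiable with one clause saying why, for example that the change lands in main() of a command-line tool under programs/ rather than in the library itself, which is what the hunk shows.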
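Review bot: the `Patch34:` line is added under the "# not yet upstreamed" group without a per-patch comment, and unlike Patch32 and Patch33 its file name carries no CVE number, so a short comment line such as `# bsc#1100167 CVE-2018-13139` directly above `Patch34: sndfile-deinterlace-channels-check.patch` would keep the spec self-documenting and make it obvious which entry to drop once the fix is upstream.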
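Review bot: the new check `if (sfinfo.channels > MAX_CHANNELS)` only makes sense if MAX_CHANNELS is exactly the dimension of the per-channel arrays that `state.channels` later indexes, and that definition is not visible in the hunk; please confirm the bound, because with arrays declared as `[MAX_CHANNELS]` and indexed 0..channels-1 the `>` comparison is correct, whereas if MAX_CHANNELS were the largest valid index the check would need `>=` and the overflow would remain for channels == MAX_CHANNELS. The diagnostic is written with `printf` to stdout, matching the existing error branch just above it; that is acceptable for consistency, although stderr would be the conventional stream for error text in a command-line tool.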