Hello community,

here is the log from the commit of package libsndfile for openSUSE:Factory 
checked in at 2018-07-13 10:16:48
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libsndfile (Old)
 and      /work/SRC/openSUSE:Factory/.libsndfile.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "libsndfile"

Fri Jul 13 10:16:48 2018 rev:55 rq:621331 version:1.0.28

Changes:
--------
--- /work/SRC/openSUSE:Factory/libsndfile/libsndfile.changes    2018-06-15 
14:33:51.239603159 +0200
+++ /work/SRC/openSUSE:Factory/.libsndfile.new/libsndfile.changes       
2018-07-13 10:16:53.430136861 +0200
@@ -1,0 +2,7 @@
+Fri Jul  6 14:11:47 CEST 2018 - ti...@suse.de
+
+- Fix buffer overflow in sndfile-deinterlace, which isn't really a
+  security issue (bsc#1100167, CVE-2018-13139):
+  sndfile-deinterlace-channels-check.patch
+
+-------------------------------------------------------------------
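Review bot: The entry spells the tool "sndfile-deinterlace", both in the description and in the patch file name, while the patch itself modifies programs/sndfile-deinterleave.c. Use "sndfile-deinterleave" so a search for the program name finds this fix. The entry also says the overflow "isn't really a security issue" without giving a reason; a short clause stating why would help anyone tracking CVE-2018-13139 judge their exposure.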

New:
----
  sndfile-deinterlace-channels-check.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libsndfile.spec ++++++
--- /var/tmp/diff_new_pack.yHVOAL/_old  2018-07-13 10:16:54.634138287 +0200
+++ /var/tmp/diff_new_pack.yHVOAL/_new  2018-07-13 10:16:54.634138287 +0200
@@ -39,6 +39,7 @@
 # not yet upstreamed
 Patch32:        libsndfile-CVE-2017-17456-alaw-range-check.patch
 Patch33:        libsndfile-CVE-2017-17457-ulaw-range-check.patch
+Patch34:        sndfile-deinterlace-channels-check.patch
 # PATCH-FIX-OPENSUSE
 Patch100:       sndfile-ocloexec.patch
 BuildRequires:  alsa-devel
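Review bot: Patch34 lands under the "# not yet upstreamed" comment with no annotation of its own, and unlike Patch32 and Patch33 its file name does not carry the CVE id. Either name it in the same pattern as its neighbours (with CVE-2018-13139 in the file name) or add a comment line above it citing bsc#1100167 and CVE-2018-13139, and confirm that "not yet upstreamed" actually applies to this patch.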
@@ -94,6 +95,7 @@
 %patch31 -p1
 %patch32 -p1
 %patch33 -p1
+%patch34 -p1
 %patch100 -p1
 
 %build



++++++ sndfile-deinterlace-channels-check.patch ++++++
diff --git a/programs/sndfile-deinterleave.c b/programs/sndfile-deinterleave.c
index 5366031075ab..712cb96cda76 100644
--- a/programs/sndfile-deinterleave.c
+++ b/programs/sndfile-deinterleave.c
@@ -89,6 +89,11 @@ main (int argc, char **argv)
                exit (1) ;
                } ;
 
+       if (sfinfo.channels > MAX_CHANNELS)
+       {       printf ("\nError : Too many channels %d in input file '%s'.\n", 
sfinfo.channels, argv[1]) ;
+               exit (1) ;
+               }
+
        state.channels = sfinfo.channels ;
        sfinfo.channels = 1 ;
 
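Review bot: The added test on sfinfo.channels enforces only the upper bound and accepts a count equal to MAX_CHANNELS, so it is sufficient only if every array indexed by state.channels holds MAX_CHANNELS entries; that sizing is not visible in this hunk and should be checked against the declarations. The value is printed with %d, so it is a signed int, and a zero or negative count would still reach `state.channels = sfinfo.channels ;`. Consider `if (sfinfo.channels < 1 || sfinfo.channels > MAX_CHANNELS)` unless an earlier check already guarantees a positive count.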