On Nov 25 05:47:53, mich...@codesand.org wrote: > Looks like the newest heap based overflow vulnerability is also > patched with this. > > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7805 > POC: http://www.nemux.org/2015/10/13/libsndfile-1-0-25-heap-overflow/
Yes; I forgot to mention that, thanks. Version 1.0.26 (2015-11-22) * Fix for CVE-2014-9496, SD2 buffer read overflow. * Fix for CVE-2014-9756, file_io.c divide by zero. * Fix for CVE-2015-7805, AIFF heap write overflow. * ...