[Bug 1674005] Re: audiofile: Multiple security issues from March 2017

2017-03-22 Thread Marc Deslauriers
** Changed in: audiofile (Ubuntu)
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1674005

Title:
  audiofile: Multiple security issues from March 2017

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/audiofile/+bug/1674005/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs


[Bug 1674005] Re: audiofile: Multiple security issues from March 2017

2017-03-22 Thread Launchpad Bug Tracker
This bug was fixed in the package audiofile - 0.3.6-3ubuntu0.1

---
audiofile (0.3.6-3ubuntu0.1) yakkety-security; urgency=high

  * SECURITY UPDATE: multiple vulnerabilities (LP: #1674005)
    - Apply patches from Debian 0.3.6-4:
      + 04_clamp-index-values-to-fix-index-overflow-in-IMA.cpp.patch
      + 05_Always-check-the-number-of-coefficients.patch
      + 06_Check-for-multiplication-overflow-in-MSADPCM-decodeSam.patch
      + 07_Check-for-multiplication-overflow-in-sfconvert.patch
      + 08_Fix-signature-of-multiplyCheckOverflow.-It-returns-a-b.patch
      + 09_Actually-fail-when-error-occurs-in-parseFormat.patch
      + 10_Check-for-division-by-zero-in-BlockCodec-runPull.patch
    - CVE-2017-6827, CVE-2017-6828, CVE-2017-6829, CVE-2017-6830,
      CVE-2017-6831, CVE-2017-6832, CVE-2017-6833, CVE-2017-6834,
      CVE-2017-6835, CVE-2017-6836, CVE-2017-6837, CVE-2017-6838,
      CVE-2017-6839

 -- Jeremy Bicha   Thu, 16 Mar 2017 21:43:45 +0100

** Changed in: audiofile (Ubuntu Yakkety)
   Status: New => Fix Released



[Bug 1674005] Re: audiofile: Multiple security issues from March 2017

2017-03-22 Thread Launchpad Bug Tracker
This bug was fixed in the package audiofile - 0.3.3-2ubuntu0.3

---
audiofile (0.3.3-2ubuntu0.3) precise-security; urgency=medium

  * SECURITY UPDATE: multiple vulnerabilities (LP: #1674005)
    - Apply patches backported from Debian 0.3.6-4:
      + 04_clamp-index-values-to-fix-index-overflow-in-IMA.cpp.patch
      + 05_Always-check-the-number-of-coefficients.patch
      + 06_Check-for-multiplication-overflow-in-MSADPCM-decodeSam.patch
      + 07_Check-for-multiplication-overflow-in-sfconvert.patch
      + 08_Fix-signature-of-multiplyCheckOverflow.-It-returns-a-b.patch
      + 09_Actually-fail-when-error-occurs-in-parseFormat.patch
      + 10_Check-for-division-by-zero-in-BlockCodec-runPull.patch
    - CVE-2017-6827, CVE-2017-6828, CVE-2017-6829, CVE-2017-6830,
      CVE-2017-6831, CVE-2017-6832, CVE-2017-6833, CVE-2017-6834,
      CVE-2017-6835, CVE-2017-6836, CVE-2017-6837, CVE-2017-6838,
      CVE-2017-6839
  * debian/patches/sfconvert_error_handling.patch: improve sfconvert error
    handling so we can test the reproducers.

 -- Marc Deslauriers   Wed, 22 Mar 2017 10:39:00 -0400

** Changed in: audiofile (Ubuntu Trusty)
   Status: New => Fix Released



[Bug 1674005] Re: audiofile: Multiple security issues from March 2017

2017-03-22 Thread Launchpad Bug Tracker
This bug was fixed in the package audiofile - 0.3.6-2ubuntu0.14.04.2

---
audiofile (0.3.6-2ubuntu0.14.04.2) trusty-security; urgency=high

  * SECURITY UPDATE: multiple vulnerabilities (LP: #1674005)
    - Apply patches from Debian 0.3.6-4:
      + 04_clamp-index-values-to-fix-index-overflow-in-IMA.cpp.patch
      + 05_Always-check-the-number-of-coefficients.patch
      + 06_Check-for-multiplication-overflow-in-MSADPCM-decodeSam.patch
      + 07_Check-for-multiplication-overflow-in-sfconvert.patch
      + 08_Fix-signature-of-multiplyCheckOverflow.-It-returns-a-b.patch
      + 09_Actually-fail-when-error-occurs-in-parseFormat.patch
      + 10_Check-for-division-by-zero-in-BlockCodec-runPull.patch
    - CVE-2017-6827, CVE-2017-6828, CVE-2017-6829, CVE-2017-6830,
      CVE-2017-6831, CVE-2017-6832, CVE-2017-6833, CVE-2017-6834,
      CVE-2017-6835, CVE-2017-6836, CVE-2017-6837, CVE-2017-6838,
      CVE-2017-6839

 -- Jeremy Bicha   Thu, 16 Mar 2017 21:43:45 +0100



[Bug 1674005] Re: audiofile: Multiple security issues from March 2017

2017-03-22 Thread Launchpad Bug Tracker
This bug was fixed in the package audiofile - 0.3.6-2ubuntu0.16.04.1

---
audiofile (0.3.6-2ubuntu0.16.04.1) xenial-security; urgency=high

  * SECURITY UPDATE: multiple vulnerabilities (LP: #1674005)
    - Apply patches from Debian 0.3.6-4:
      + 04_clamp-index-values-to-fix-index-overflow-in-IMA.cpp.patch
      + 05_Always-check-the-number-of-coefficients.patch
      + 06_Check-for-multiplication-overflow-in-MSADPCM-decodeSam.patch
      + 07_Check-for-multiplication-overflow-in-sfconvert.patch
      + 08_Fix-signature-of-multiplyCheckOverflow.-It-returns-a-b.patch
      + 09_Actually-fail-when-error-occurs-in-parseFormat.patch
      + 10_Check-for-division-by-zero-in-BlockCodec-runPull.patch
    - CVE-2017-6827, CVE-2017-6828, CVE-2017-6829, CVE-2017-6830,
      CVE-2017-6831, CVE-2017-6832, CVE-2017-6833, CVE-2017-6834,
      CVE-2017-6835, CVE-2017-6836, CVE-2017-6837, CVE-2017-6838,
      CVE-2017-6839

 -- Jeremy Bicha   Thu, 16 Mar 2017 21:43:45 +0100

** Changed in: audiofile (Ubuntu Xenial)
   Status: New => Fix Released

** Changed in: audiofile (Ubuntu Precise)
   Status: New => Fix Released



[Bug 1674005] Re: audiofile: Multiple security issues from March 2017

2017-03-21 Thread Mathew Hodson
** Changed in: audiofile (Ubuntu)
   Importance: Undecided => Medium

** Changed in: audiofile (Ubuntu Precise)
   Importance: Undecided => Medium

** Changed in: audiofile (Ubuntu Trusty)
   Importance: Undecided => Medium

** Changed in: audiofile (Ubuntu Xenial)
   Importance: Undecided => Medium

** Changed in: audiofile (Ubuntu Yakkety)
   Importance: Undecided => Medium



[Bug 1674005] Re: audiofile: Multiple security issues from March 2017

2017-03-21 Thread Marc Deslauriers
ACK on the debdiffs in comments 1, 2 and 3. I'm building them now with a
slight change to add a missing CVE. I'll publish them once I've finished
backporting to precise and have tested precise and trusty.

Thanks!


** Also affects: audiofile (Ubuntu Trusty)
   Importance: Undecided
   Status: New

** Also affects: audiofile (Ubuntu Precise)
   Importance: Undecided
   Status: New



[Bug 1674005] Re: audiofile: Multiple security issues from March 2017

2017-03-18 Thread Jeremy Bicha
** Also affects: audiofile (Ubuntu Yakkety)
   Importance: Undecided
   Status: New

** Also affects: audiofile (Ubuntu Xenial)
   Importance: Undecided
   Status: New



[Bug 1674005] Re: audiofile: Multiple security issues from March 2017

2017-03-18 Thread Jeremy Bicha
** Description changed:

  https://security-tracker.debian.org/tracker/source-package/audiofile
  http://openwall.com/lists/oss-security/2017/02/26/
+ https://github.com/mpruett/audiofile/issues/32
+ 
https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-msadpcminitializecoefficients-msadpcm-cpp
+ https://github.com/mpruett/audiofile/commit/c48e4c6503
+ 
  
  Fixed in Debian unstable 0.3.6-4 and synced to zesty.
  
  debdiffs attached for 14.04 LTS and up. For 12.04 LTS, audiofile was in
  main so someone should probably try to apply the patches there too.
  
  I've done no testing of these packages.



[Bug 1674005] Re: audiofile: Multiple security issues from March 2017

2017-03-18 Thread Jeremy Bicha
** Patch added: "audiofile-mar2017-security-trusty.debdiff"
   https://bugs.launchpad.net/ubuntu/+source/audiofile/+bug/1674005/+attachment/4840083/+files/audiofile-mar2017-security-trusty.debdiff



[Bug 1674005] Re: audiofile: Multiple security issues from March 2017

2017-03-18 Thread Jeremy Bicha
** Patch added: "audiofile-mar2017-security-xenial.debdiff"
   https://bugs.launchpad.net/ubuntu/+source/audiofile/+bug/1674005/+attachment/4840082/+files/audiofile-mar2017-security-xenial.debdiff



[Bug 1674005] Re: audiofile: Multiple security issues from March 2017

2017-03-18 Thread Jeremy Bicha
** Description changed:

  https://security-tracker.debian.org/tracker/source-package/audiofile
  http://openwall.com/lists/oss-security/2017/02/26/
  
- Fixed in Debian unstable and synced to zesty
+ Fixed in Debian unstable 0.3.6-4 and synced to zesty.
+ 
+ debdiffs attached for 14.04 LTS and up. For 12.04 LTS, audiofile was in
+ main so someone should probably try to apply the patches there too.
+ 
+ I've done no testing of these packages.

** Patch added: "audiofile-mar2017-security-yakkety.debdiff"
   https://bugs.launchpad.net/ubuntu/+source/audiofile/+bug/1674005/+attachment/4840081/+files/audiofile-mar2017-security-yakkety.debdiff



[Bug 1674005] Re: audiofile: Multiple security issues from March 2017

2017-03-18 Thread Jeremy Bicha
** Tags removed: 2015-7747
** Tags added: trusty xenial yakkety
