Salvatore Bonaccorso wrote:

> Source: libsamplerate
> Version: 0.1.8-8
> Severity: important
> Tags: security upstream
>
> Hi,
>
> the following vulnerability was published for libsamplerate.
>
> CVE-2017-7697[0]:
> | In libsamplerate before 0.1.9, a buffer over-read occurs in the
> | calc_output_single function in src_sinc.c via a crafted audio file.
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

This bug was reported within the last 24 hours, but was fixed over 6 months ago and released as part of version 0.1.9. Obviously, I cannot go back and retroactively update the changelog.

Erik
--
----------------------------------------------------------------------
Erik de Castro Lopo
http://www.mega-nerd.com/