Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package libmysofa for openSUSE:Factory checked in at 2021-03-12 13:31:12 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libmysofa (Old) and /work/SRC/openSUSE:Factory/.libmysofa.new.2401 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libmysofa" Fri Mar 12 13:31:12 2021 rev:9 rq:877730 version:1.2 Changes: -------- --- /work/SRC/openSUSE:Factory/libmysofa/libmysofa.changes 2020-09-15 16:24:46.254394629 +0200 +++ /work/SRC/openSUSE:Factory/.libmysofa.new.2401/libmysofa.changes 2021-03-12 13:31:34.930179609 +0100 @@ -1,0 +2,16 @@ +Mon Mar 1 22:28:48 UTC 2021 - Andreas Stieger <[email protected]> + +- update to 1.2: + * CVE-2020-36151: Incorrect handling of input data in + mysofa_resampler_reset_mem function [boo#1181978] + * CVE-2020-36148: Incorrect handling of input data in + verifyAttribute function [boo#1181981] + * CVE-2020-36152: Buffer overflow in readDataVar in + hdf/dataobject.c [boo#1181977] + * CVE-2020-36150: Incorrect handling of input data in loudness + function [boo#1181979] + * CVE-2020-36149: Incorrect handling of input data in + changeAttribute function [boo#1181980] + * Steinberg audio enhancements for symmetrical HRTFs + +------------------------------------------------------------------- @@ -19 +35 @@ - * Fixed CVE-2020-6860 + * Fixed CVE-2020-6860 [boo1182883] @@ -29 +45,19 @@ - * Fixed various security issues + * CVE-2019-20063: hdf/dataobject.c in libmysofa before 0.8 has + an uninitialized use of memory, as demonstrated by + mysofa2json [boo#1160040] + * CVE-2019-20016: improper restriction of recursive function + calls in readOHDRHeaderMessageDatatype in dataobject.c and + directblockRead in fractalhead.c may lead to stack + consumption [boo#1159839] + * CVE-2019-16091: out-of-bounds read in directblockRead in + hdf/fractalhead.c [boo#1149919] + * CVE-2019-16095: invalid read in getDimension in hrtf/reader.c + [boo#1149926] + * CVE-2019-16094: invalid read in + readOHDRHeaderMessageDataLayout in hdf/dataobject.c + [boo#1149924] + * CVE-2019-16093: invalid write in + readOHDRHeaderMessageDataLayout in hdf/dataobject.c + [boo#1149922] + * CVE-2019-16092: NULL pointer dereference in getHrtf in + hrtf/reader.c [boo#1149920] Old: ---- libmysofa-1.1.tar.gz New: ---- libmysofa-1.2.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libmysofa.spec ++++++ --- /var/tmp/diff_new_pack.1cnxly/_old 2021-03-12 13:31:37.142182712 +0100 +++ /var/tmp/diff_new_pack.1cnxly/_new 2021-03-12 13:31:37.146182717 +0100 @@ -1,7 +1,7 @@ # # spec file for package libmysofa # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -19,7 +19,7 @@ %define sover 1 %define __builder ninja Name: libmysofa -Version: 1.1 +Version: 1.2 Release: 0 Summary: Reader for AES SOFA HRTF files License: BSD-3-Clause @@ -30,6 +30,7 @@ BuildRequires: c++_compiler BuildRequires: cmake BuildRequires: ninja +BuildRequires: pkgconfig # for tests # BuildRequires: nodejs-common BuildRequires: pkgconfig(cunit) @@ -67,7 +68,6 @@ %install %cmake_install -rm %{buildroot}%{_libdir}/%{name}.a # test suite is broken # %%check ++++++ libmysofa-1.1.tar.gz -> libmysofa-1.2.tar.gz ++++++ /work/SRC/openSUSE:Factory/libmysofa/libmysofa-1.1.tar.gz /work/SRC/openSUSE:Factory/.libmysofa.new.2401/libmysofa-1.2.tar.gz differ: char 26, line 1
