Source: wavpack
Version: 5.3.0-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/dbry/WavPack/issues/91
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for wavpack.

CVE-2020-35738[0]:
| WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in
| pack_utils.c because of an integer overflow in a malloc argument.
| NOTE: some third-parties claim that there are later "unofficial"
| releases through 5.3.2, which are also affected.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-35738
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35738
[1] https://github.com/dbry/WavPack/issues/91

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

