Hi all,
I've just released version 1.0.25. Main thing is a fix for Secunia
Advisory SA45125, a heap overflow in the PAF file parser. Since the
heap was getting overwritten with zeroes, there is little that an
attacker can acheive other than causing a program that uses
libsndfile to segfault.
Secunia suggest remote system access is possible:
http://www.securelist.com/en/advisories/45125
but I call bullshit.
Secunia also join my shit list for going public with this a week
early that they originally stated, meaning I had to rush this
release out. The rush of the release means the windows builds
have not been tested as thoroughly as I would have liked.
As usual, its available from:
http://www.mega-nerd.com/libsndfile/#Download
Cheers,
Erik
--
----------------------------------------------------------------------
Erik de Castro Lopo
http://www.mega-nerd.com/
_______________________________________________
Linux-audio-dev mailing list
[email protected]
http://lists.linuxaudio.org/listinfo/linux-audio-dev
