Hello community,

here is the log from the commit of package libsndfile for openSUSE:Factory 
checked in at 2017-06-15 11:18:37
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libsndfile (Old)
 and      /work/SRC/openSUSE:Factory/.libsndfile.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "libsndfile"

Thu Jun 15 11:18:37 2017 rev:51 rq:503303 version:1.0.28

Changes:
--------
--- /work/SRC/openSUSE:Factory/libsndfile/libsndfile.changes    2017-05-18 
20:45:52.755928761 +0200
+++ /work/SRC/openSUSE:Factory/.libsndfile.new/libsndfile.changes       
2017-06-15 11:18:38.395681818 +0200
@@ -1,0 +2,7 @@
+Tue Jun 13 08:36:52 CEST 2017 - [email protected]
+
+- Fix out-of-bounds read memory access in the aiff_read_chanmap()
+  (CVE-2017-6892, bsc#1043978):
+  0010-src-aiff.c-Fix-a-buffer-read-overflow.patch
+
+-------------------------------------------------------------------

New:
----
  0010-src-aiff.c-Fix-a-buffer-read-overflow.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libsndfile.spec ++++++
--- /var/tmp/diff_new_pack.tyTGt1/_old  2017-06-15 11:18:39.115580113 +0200
+++ /var/tmp/diff_new_pack.tyTGt1/_new  2017-06-15 11:18:39.115580113 +0200
@@ -31,6 +31,7 @@
 # PATCH-FIX-UPSTREAM
 Patch1:         0001-FLAC-Fix-a-buffer-read-overrun.patch
 Patch2:         0002-src-flac.c-Fix-a-buffer-read-overflow.patch
+Patch10:        0010-src-aiff.c-Fix-a-buffer-read-overflow.patch
 # PATCH-FIX-OPENSUSE
 Patch100:       sndfile-ocloexec.patch
 BuildRequires:  alsa-devel
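Review bot: The new `Patch10:` line sits under the shared `# PATCH-FIX-UPSTREAM` comment with no bug or CVE reference of its own. The changelog entry ties this patch to CVE-2017-6892 and bsc#1043978, so repeating those identifiers on a comment line directly above `Patch10:` would let someone reading the spec alone see why the patch is carried and when it can be dropped. The jump from Patch2 to Patch10 is also unexplained; if numbers 3 to 9 are being kept free on purpose, a short comment saying so would help.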
@@ -80,6 +81,7 @@
 %setup -q
 %patch1 -p1
 %patch2 -p1
+%patch10 -p1
 %patch100 -p1
 
 %build

++++++ 0010-src-aiff.c-Fix-a-buffer-read-overflow.patch ++++++
>From f833c53cb596e9e1792949f762e0b33661822748 Mon Sep 17 00:00:00 2001
From: Erik de Castro Lopo <[email protected]>
Date: Tue, 23 May 2017 20:15:24 +1000
Subject: [PATCH] src/aiff.c: Fix a buffer read overflow

Secunia Advisory SA76717.

Found by: Laurent Delosieres, Secunia Research at Flexera Software
---
 src/aiff.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/src/aiff.c
+++ b/src/aiff.c
@@ -1905,7 +1905,7 @@ aiff_read_chanmap (SF_PRIVATE * psf, uns
                psf_binheader_readf (psf, "j", dword - bytesread) ;
 
        if (map_info->channel_map != NULL)
-       {       size_t chanmap_size = psf->sf.channels * sizeof 
(psf->channel_map [0]) ;
+       {       size_t chanmap_size = SF_MIN (psf->sf.channels, layout_tag & 
0xffff) * sizeof (psf->channel_map [0]) ;
 
                free (psf->channel_map) ;
 
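Review bot: The new bound on the `chanmap_size` line, `layout_tag & 0xffff`, is an undocumented magic mask. Add a short comment stating what the low 16 bits of `layout_tag` encode and why that value limits how many entries of `map_info->channel_map` may be read. It is also worth checking the lines that follow this hunk: `chanmap_size` can now be smaller than `psf->sf.channels * sizeof (psf->channel_map [0])`, and is zero when the masked value is 0, so anything that later indexes `psf->channel_map` by `psf->sf.channels` after the `free` here has to tolerate a shorter or empty map. If that cannot be guaranteed, rejecting the chunk when the masked count and `psf->sf.channels` disagree would be safer than silently clamping.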


