Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian....@packages.debian.org
Usertags: pu
Fixes two minor security issue, debdiff below. Cheers, Moritz
diff -Nru audiofile-0.3.6/debian/changelog audiofile-0.3.6/debian/changelog
--- audiofile-0.3.6/debian/changelog 2017-03-16 21:43:45.000000000 +0100
+++ audiofile-0.3.6/debian/changelog 2019-04-11 00:28:31.000000000 +0200
@@ -1,3 +1,10 @@
+audiofile (0.3.6-4+deb9u1) stretch; urgency=medium
+
+ * CVE-2018-13440 (Closes: #903499)
+ * CVE-2018-17095 (Closes: #913166)
+
+ -- Moritz Mühlenhoff <j...@debian.org> Thu, 11 Apr 2019 00:28:31 +0200
+
 audiofile (0.3.6-4) unstable; urgency=high
 * Team upload.
diff -Nru audiofile-0.3.6/debian/patches/11_CVE-2018-13440.patch audiofile-0.3.6/debian/patches/11_CVE-2018-13440.patch
--- audiofile-0.3.6/debian/patches/11_CVE-2018-13440.patch 1970-01-01 01:00:00.000000000 +0100
+++ audiofile-0.3.6/debian/patches/11_CVE-2018-13440.patch 2019-04-05 16:10:40.000000000 +0200
@@ -0,0 +1,28 @@
+From fde6d79fb8363c4a329a184ef0b107156602b225 Mon Sep 17 00:00:00 2001
+From: Wim Taymans <wtaym...@redhat.com>
+Date: Thu, 27 Sep 2018 10:48:45 +0200
+Subject: [PATCH] ModuleState: handle compress/decompress init failure
+
+When the unit initcompress or initdecompress function fails,
+m_fileModule is NULL. Return AF_FAIL in that case instead of
+causing NULL pointer dereferences later.
+
+Fixes #49
+---
+ libaudiofile/modules/ModuleState.cpp | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/libaudiofile/modules/ModuleState.cpp b/libaudiofile/modules/ModuleState.cpp
+index 0c29d7a..070fd9b 100644
+--- a/libaudiofile/modules/ModuleState.cpp
++++ b/libaudiofile/modules/ModuleState.cpp
+@@ -75,6 +75,9 @@ status ModuleState::initFileModule(AFfilehandle file, Track *track)
+ m_fileModule = unit->initcompress(track, file->m_fh, file->m_seekok,
+ file->m_fileFormat == AF_FILE_RAWDATA, &chunkFrames);
+
++ if (!m_fileModule)
++ return AF_FAIL;
++
+ if (unit->needsRebuffer)
+ {
+ assert(unit->nativeSampleFormat == AF_SAMPFMT_TWOSCOMP);
diff -Nru audiofile-0.3.6/debian/patches/12_CVE-2018-17095.patch audiofile-0.3.6/debian/patches/12_CVE-2018-17095.patch
--- audiofile-0.3.6/debian/patches/12_CVE-2018-17095.patch 1970-01-01 01:00:00.000000000 +0100
+++ audiofile-0.3.6/debian/patches/12_CVE-2018-17095.patch 2019-04-05 16:10:40.000000000 +0200
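Review bot: The NULL check on `m_fileModule` is placed after the `initcompress` call, but the commit message says `initdecompress` fails the same way and that call is not in the hunk; `initFileModule` begins above line 75 and continues past the hunk, so it is worth confirming that the guard sits after both the compress and the decompress assignment rather than only on the compress path. The patch header never names the vulnerability it closes, so a reader of the series file has to rely on the filename alone; a DEP-3 line such as `Bug-Debian: https://bugs.debian.org/903499` under the `Subject:` line, with `CVE-2018-13440` mentioned in the description, ties the patch to the advisory without opening the changelog. A one-line comment above the new check, e.g. `// initcompress/initdecompress return NULL on failure; bail out before the module is dereferenced.`, would record why an early return is the right outcome here.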
@@ -0,0 +1,26 @@
+From 822b732fd31ffcb78f6920001e9b1fbd815fa712 Mon Sep 17 00:00:00 2001
+From: Wim Taymans <wtaym...@redhat.com>
+Date: Thu, 27 Sep 2018 12:11:12 +0200
+Subject: [PATCH] SimpleModule: set output chunk framecount after pull
+
+After pulling the data, set the output chunk to the amount of
+frames we pulled so that the next module in the chain has the correct
+frame count.
+
+Fixes #50 and #51
+---
+ libaudiofile/modules/SimpleModule.cpp | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/libaudiofile/modules/SimpleModule.cpp b/libaudiofile/modules/SimpleModule.cpp
+index 2bae1eb..e87932c 100644
+--- a/libaudiofile/modules/SimpleModule.cpp
++++ b/libaudiofile/modules/SimpleModule.cpp
+@@ -26,6 +26,7 @@
+ void SimpleModule::runPull()
+ {
+ pull(m_outChunk->frameCount);
++ m_outChunk->frameCount = m_inChunk->frameCount;
+ run(*m_inChunk, *m_outChunk);
+ }
+
diff -Nru audiofile-0.3.6/debian/patches/series audiofile-0.3.6/debian/patches/series
--- audiofile-0.3.6/debian/patches/series 2017-03-16 21:38:15.000000000 +0100
+++ audiofile-0.3.6/debian/patches/series 2019-04-11 00:28:31.000000000 +0200
@@ -8,3 +8,5 @@
 08_Fix-signature-of-multiplyCheckOverflow.-It-returns-a-b.patch
 09_Actually-fail-when-error-occurs-in-parseFormat.patch
 10_Check-for-division-by-zero-in-BlockCodec-runPull.patch
+11_CVE-2018-13440.patch
+12_CVE-2018-17095.patch
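Review bot: The new assignment in `SimpleModule::runPull` treats `m_inChunk->frameCount` as the number of frames `pull()` actually delivered, but nothing in the hunk shows that `pull()` cannot leave a stale count when the upstream module fails, or a count larger than the `m_outChunk->frameCount` that was requested; if either can happen, `run()` would still work on a wrong frame count, so the `pull()` implementation should be checked to guarantee the count is reset and never exceeds the request. The function is entirely inside the hunk, so the intent is best captured with a short comment above the new line, e.g. `// pull() may deliver fewer frames than requested (short read at EOF); propagate the real count so run() and the next module only touch valid data.` It is also worth confirming whether a push-direction counterpart, if the class has one, needs the same frame-count propagation, since this hunk only covers the pull path.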