Your message dated Sat, 17 Sep 2016 13:08:06 +0100 with message-id <1474114086.2011.126.ca...@adam-barratt.org.uk> and subject line "Closing p-u bugs for updates in 8.6" has caused the Debian Bug report #827288, regarding jessie-pu: package audiofile/0.3.6-2, to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
827288: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827288
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian....@packages.debian.org
Usertags: pu

Hi,

This update fixes CVE-2015-7747 (#801102). The security bug is marked no-DSA, so the security team asked me to submit it as a normal stable update.

The patch is copied directly from this Ubuntu bug (and is already applied in Ubuntu): https://bugs.launchpad.net/ubuntu/+source/audiofile/+bug/1502721

Thanks,
James

-- System Information:
Debian Release: stretch/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'unstable'), (500, 'testing'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.5.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

diff -Nru audiofile-0.3.6/debian/changelog audiofile-0.3.6/debian/changelog --- audiofile-0.3.6/debian/changelog 2016-06-14 14:21:11.000000000 +0100 +++ audiofile-0.3.6/debian/changelog 2016-06-14 16:39:56.000000000 +0100 @@ -1,3 +1,11 @@ +audiofile (0.3.6-2+deb8u1) jessie; urgency=high + + * Team upload. + * Fix CVE-2015-7747: buffer overflow when changing both sample format and + number of channels. (Closes: #801102) + + -- James Cowgill <jcowg...@debian.org> Tue, 14 Jun 2016 16:39:49 +0100 + audiofile (0.3.6-2) unstable; urgency=low * Upload to unstable. diff -Nru audiofile-0.3.6/debian/patches/CVE-2015-7747.patch audiofile-0.3.6/debian/patches/CVE-2015-7747.patch --- audiofile-0.3.6/debian/patches/CVE-2015-7747.patch 1970-01-01 01:00:00.000000000 +0100 +++ audiofile-0.3.6/debian/patches/CVE-2015-7747.patch 2016-06-14 16:19:51.000000000 +0100 
@@ -0,0 +1,161 @@ +Description: fix buffer overflow when changing both sample format and + number of channels +Origin: backport, https://github.com/mpruett/audiofile/pull/25 +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/audiofile/+bug/1502721 +Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=801102 + +Index: audiofile-0.3.6/libaudiofile/modules/ModuleState.cpp +=================================================================== +--- audiofile-0.3.6.orig/libaudiofile/modules/ModuleState.cpp 2015-10-20 08:00:58.036128202 -0400 ++++ audiofile-0.3.6/libaudiofile/modules/ModuleState.cpp 2015-10-20 08:00:58.036128202 -0400 +@@ -402,7 +402,7 @@ + addModule(new Transform(outfc, in.pcm, out.pcm)); + + if (in.channelCount != out.channelCount) +- addModule(new ApplyChannelMatrix(infc, isReading, ++ addModule(new ApplyChannelMatrix(outfc, isReading, + in.channelCount, out.channelCount, + in.pcm.minClip, in.pcm.maxClip, + track->channelMatrix)); +Index: audiofile-0.3.6/test/Makefile.am +=================================================================== +--- audiofile-0.3.6.orig/test/Makefile.am 2015-10-20 08:00:58.036128202 -0400 ++++ audiofile-0.3.6/test/Makefile.am 2015-10-20 08:00:58.036128202 -0400 +@@ -26,6 +26,7 @@ + VirtualFile \ + floatto24 \ + query2 \ ++ sixteen-stereo-to-eight-mono \ + sixteen-to-eight \ + testchannelmatrix \ + testdouble \ +@@ -139,6 +140,7 @@ + printmarkers_LDADD = $(LIBAUDIOFILE) -lm + + sixteen_to_eight_SOURCES = sixteen-to-eight.c TestUtilities.cpp TestUtilities.h ++sixteen_stereo_to_eight_mono_SOURCES = sixteen-stereo-to-eight-mono.c TestUtilities.cpp TestUtilities.h + + testchannelmatrix_SOURCES = testchannelmatrix.c TestUtilities.cpp TestUtilities.h + +Index: audiofile-0.3.6/test/sixteen-stereo-to-eight-mono.c +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ audiofile-0.3.6/test/sixteen-stereo-to-eight-mono.c 2015-10-20 08:33:57.512286416 -0400 
+@@ -0,0 +1,117 @@ ++/* ++ Audio File Library ++ ++ Copyright 2000, Silicon Graphics, Inc. ++ ++ This program is free software; you can redistribute it and/or modify ++ it under the terms of the GNU General Public License as published by ++ the Free Software Foundation; either version 2 of the License, or ++ (at your option) any later version. ++ ++ This program is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ GNU General Public License for more details. ++ ++ You should have received a copy of the GNU General Public License along ++ with this program; if not, write to the Free Software Foundation, Inc., ++ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. ++*/ ++ ++/* ++ sixteen-stereo-to-eight-mono.c ++ ++ This program tests the conversion from 2-channel 16-bit integers to ++ 1-channel 8-bit integers. ++*/ ++ ++#ifdef HAVE_CONFIG_H ++#include <config.h> ++#endif ++ ++#include <stdint.h> ++#include <stdio.h> ++#include <stdlib.h> ++#include <string.h> ++#include <unistd.h> ++#include <limits.h> ++ ++#include <audiofile.h> ++ ++#include "TestUtilities.h" ++ ++int main (int argc, char **argv) ++{ ++ AFfilehandle file; ++ AFfilesetup setup; ++ int16_t frames16[] = {14298, 392, 3923, -683, 958, -1921}; ++ int8_t frames8[] = {28, 6, -2}; ++ int i, frameCount = 3; ++ int8_t byte; ++ AFframecount result; ++ ++ setup = afNewFileSetup(); ++ ++ afInitFileFormat(setup, AF_FILE_WAVE); ++ ++ afInitSampleFormat(setup, AF_DEFAULT_TRACK, AF_SAMPFMT_TWOSCOMP, 16); ++ afInitChannels(setup, AF_DEFAULT_TRACK, 2); ++ ++ char testFileName[PATH_MAX]; ++ if (!createTemporaryFile("sixteen-to-eight", testFileName)) ++ { ++ fprintf(stderr, "Could not create temporary file.\n"); ++ exit(EXIT_FAILURE); ++ } ++ ++ file = afOpenFile(testFileName, "w", setup); ++ if (file == AF_NULL_FILEHANDLE) ++ { ++ fprintf(stderr, "could not open file for 
writing\n"); ++ exit(EXIT_FAILURE); ++ } ++ ++ afFreeFileSetup(setup); ++ ++ afWriteFrames(file, AF_DEFAULT_TRACK, frames16, frameCount); ++ ++ afCloseFile(file); ++ ++ file = afOpenFile(testFileName, "r", AF_NULL_FILESETUP); ++ if (file == AF_NULL_FILEHANDLE) ++ { ++ fprintf(stderr, "could not open file for reading\n"); ++ exit(EXIT_FAILURE); ++ } ++ ++ afSetVirtualSampleFormat(file, AF_DEFAULT_TRACK, AF_SAMPFMT_TWOSCOMP, 8); ++ afSetVirtualChannels(file, AF_DEFAULT_TRACK, 1); ++ ++ for (i=0; i<frameCount; i++) ++ { ++ /* Read one frame. */ ++ result = afReadFrames(file, AF_DEFAULT_TRACK, &byte, 1); ++ ++ if (result != 1) ++ break; ++ ++ /* Compare the byte read with its precalculated value. */ ++ if (memcmp(&byte, &frames8[i], 1) != 0) ++ { ++ printf("error\n"); ++ printf("expected %d, got %d\n", frames8[i], byte); ++ exit(EXIT_FAILURE); ++ } ++ else ++ { ++#ifdef DEBUG ++ printf("got what was expected: %d\n", byte); ++#endif ++ } ++ } ++ ++ afCloseFile(file); ++ unlink(testFileName); ++ ++ exit(EXIT_SUCCESS); ++} diff -Nru audiofile-0.3.6/debian/patches/series audiofile-0.3.6/debian/patches/series --- audiofile-0.3.6/debian/patches/series 1970-01-01 01:00:00.000000000 +0100 +++ audiofile-0.3.6/debian/patches/series 2016-06-14 16:19:51.000000000 +0100 @@ -0,0 +1 @@ +CVE-2015-7747.patchsignature.asc
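Review bot: in the libaudiofile/modules/ModuleState.cpp hunk, only the format argument to ApplyChannelMatrix changes from `infc` to `outfc`, while the clipping bounds on the unchanged context lines that follow are still `in.pcm.minClip, in.pcm.maxClip`. Because the module is added after `Transform(outfc, in.pcm, out.pcm)` and so now sees data already in the output format, please confirm that clipping against the input format's range is what upstream PR #25 does as well, and consider a short comment above the call saying why the output format is the correct one here, so the next backporter does not "fix" it back.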
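Review bot: the two test/Makefile.am hunks register sixteen-stereo-to-eight-mono, but only Makefile.am is touched; unless the package build regenerates the autotools output (dh-autoreconf or equivalent), the shipped Makefile.in stays as it was and the new regression test is neither built nor run, so the fix would land without its test ever executing. Please confirm the build runs autoreconf, or include the regenerated Makefile.in in the patch.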
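Review bot: in test/sixteen-stereo-to-eight-mono.c a short read is not treated as a failure: `if (result != 1) break;` leaves the loop and execution falls through to `exit(EXIT_SUCCESS)`, so a regression in which afReadFrames returns 0 or -1 on the converted stream would still pass. Suggest reporting the unexpected return value and exiting with EXIT_FAILURE at that point, or checking `i == frameCount` after the loop. Minor: the temporary-file prefix `"sixteen-to-eight"` passed to createTemporaryFile, and the 2000 Silicon Graphics copyright block, are carried over from sixteen-to-eight.c; the prefix should name this test so its temporary files can be told apart from the original test's.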
--- End Message ---
--- Begin Message ---
Version: 8.6

The updates referred to in each of these bugs were included in today's stable point release.

Regards,

Adam
--- End Message ---