From f55d08ac6babfc9b9ae659cf0ebd56c63de06e44 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Apr 11 2017 08:39:11 +0000 Subject: updated to 1.0.28 fix possible buffer overflow when parsing crafted ID3 tags (#1440758, CVE-2017-7586) fix possible buffer overflow when parsing crafted flac file (#1440756, CVE-2017-7585) --- diff --git a/.gitignore b/.gitignore index 3631163..2e16d72 100644 --- a/.gitignore +++ b/.gitignore @@ -4,3 +4,4 @@ libsndfile-1.0.21.tar.gz /libsndfile-1.0.24.tar.gz /libsndfile-1.0.25.tar.gz /libsndfile-1.0.27.tar.gz +/libsndfile-1.0.28.tar.gz diff --git a/libsndfile.spec b/libsndfile.spec index 7ccb463..5fd7640 100644 --- a/libsndfile.spec +++ b/libsndfile.spec @@ -1,7 +1,7 @@ Summary: Library for reading and writing sound files Name: libsndfile -Version: 1.0.27 -Release: 2%{?dist} +Version: 1.0.28 +Release: 1%{?dist} License: LGPLv2+ and GPLv2+ and BSD Group: System Environment/Libraries URL: http://www.mega-nerd.com/libsndfile/ @@ -150,6 +150,11 @@ LD_LIBRARY_PATH=$PWD/src/.libs make check %changelog +* Tue Apr 11 2017 Michal Hlavinka - 1.0.28-1 +- updated to 1.0.28 +- fix possible buffer overflow when parsing crafted ID3 tags (#1440758, CVE-2017-7586) +- fix possible buffer overflow when parsing crafted flac file (#1440756, CVE-2017-7585) + * Fri Feb 10 2017 Fedora Release Engineering - 1.0.27-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild diff --git a/sources b/sources index a3ffa74..629c63d 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -fd1d97c6077f03b5d984d7956ffedb7a libsndfile-1.0.27.tar.gz +SHA512 (libsndfile-1.0.28.tar.gz) = 890731a6b8173f714155ce05eaf6d991b31632c8ab207fbae860968861a107552df26fcf85602df2e7f65502c7256c1b41735e1122485a3a07ddb580aa83b57f