UbuntuUpdates.org

Package "wavpack"

Name: wavpack

Description:

audio codec (lossy and lossless) - encoder and decoder

Latest version: 5.1.0-5ubuntu0.2
Release: disco (19.04)
Level: updates
Repository: universe
Homepage: http://www.wavpack.com

Links

Save this URL for the latest version of "wavpack": https://www.ubuntuupdates.org/wavpack


Download "wavpack"


Other versions of "wavpack" in Disco

Repository Area Version
base main 5.1.0-5
base universe 5.1.0-5
security main 5.1.0-5ubuntu0.2
security universe 5.1.0-5ubuntu0.2
updates main 5.1.0-5ubuntu0.2

Changelog

Version: 5.1.0-5ubuntu0.2 2019-07-16 19:07:20 UTC

  wavpack (5.1.0-5ubuntu0.2) disco-security; urgency=medium

  * debian/0009-issue-41-make-sure-DFF-does-not*.patch: make sure
    DFF chunk does not have negative length.
  * debian/patches/0010-issue-43-catch-zero*.patch: catch zero
    channel count in DSF and DSDIFF files.
  * SECURITY UPDATE: Crash due a divide by zero
    - debian/patches/CVE-2019-1010315.patch: make sure DSDIFF files
      have a valid channel count in cli/dsdiff.c.
    - CVE-2019-1010315
  * SECURITY UPDATE: Crashes and segfaults
    - debian/patches/CVE-2019-1010317.patch: make sure CAF files
      have a "desc" chunk in cli/caff.c.
    - CVE-2019-1010317
  * SECURITY UPDATE: Crashes and segfaults
    - debian/patches/CVE-2019-1010318.patch: make sure sample rate is
      specified and non-zero in DFF files in cli/dsdiff.c.
    - CVE-2019-1010318
  * SECURITY UPDATE: Crashes and segfaults
    - debian/patches/CVE-2019-1010319.patch: clear WaveHeader at start
      to prevent uninitialized read in cli/wave64.c.
    - CVE-2019-1010319

 -- <email address hidden> (Leonidas S. Barbosa) Mon, 15 Jul 2019 15:45:37 -0300

Source diff to previous version
CVE-2019-1010315 WavPack 5.1 and earlier is affected by: CWE 369: Divide by Zero. The impact is: Divide by zero can lead to sudden crash of a software/service that tr
CVE-2019-1010317 WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The
CVE-2019-1010318 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-11498. Reason: This candidate is a reservation duplicate of CVE-2019-11498. Notes
CVE-2019-1010319 WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The

Version: 5.1.0-5ubuntu0.1 2019-04-30 14:06:33 UTC

  wavpack (5.1.0-5ubuntu0.1) disco-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-11498.patch: make sure sample rate variable
      is specified and non-zero in DFF files in cli/dsdiff.c.
    - CVE-2019-11498

 -- <email address hidden> (Leonidas S. Barbosa) Mon, 29 Apr 2019 11:39:34 -0300

CVE-2019-11498 WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack through 5.1.0 has a "Conditional jump or move depends on uninitialised value" co



About   -   Send Feedback to @ubuntu_updates