| |||||||||||||||||||
Fedora alert FEDORA-2009-11499 (libsndfile)
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2009-11499 2009-11-16 06:25:55 -------------------------------------------------------------------------------- Name : libsndfile Product : Fedora 10 Version : 1.0.20 Release : 3.fc10 URL : http://www.mega-nerd.com/libsndfile/ Summary : Library for reading and writing sound files Description : libsndfile is a C library for reading and writing sound files such as AIFF, AU, WAV, and others through one standard interface. It can currently read/write 8, 16, 24 and 32-bit PCM files as well as 32 and 64-bit floating point WAV files and a number of compressed formats. It compiles and runs on *nix, MacOS, and Win32. -------------------------------------------------------------------------------- Update Information: Version 1.0.20 (2009-03-14) * Fix potential heap overflow in VOC file parser (Tobias Klein, http://www.trapkit.de/). Version 1.0.19 (2009-03-02) * Fix for CVE-2009-0186 (Alin Rad Pop, Secunia Research). * Huge number of minor bug fixes as a result of static analysis. Version 1.0.18 (2009-02-07) * Add Ogg/Vorbis support (thanks to John ffitch). * Remove captive FLAC library. * Many new features and bug fixes. -------------------------------------------------------------------------------- ChangeLog: * Sat Nov 14 2009 Orcan Ogetbil <oget[dot]fedora[at]gmail[dot]com> - 1.0.20-3 - Add FLAC/Ogg/Vorbis support (BR: libvorbis-devel) - Make build verbose - Remove rpath - Fix ChangeLog encoding - Move the big Changelog to the devel package * Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.20-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild * Sat Jun 6 2009 Lennart Poettering <lpoetter@redhat.com> - 1.0.20-1 - Updated to 1.0.20 * Tue Mar 3 2009 Robert Scheck <robert@fedoraproject.org> - 1.0.17-8 - Rebuilt against libtool 2.2 * Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.17-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #488361 - CVE-2009-0186 libsndfile: overflows may lead to execution of arbitrary code https://bugzilla.redhat.com/show_bug.cgi?id=488361 [ 2 ] Bug #502657 - CVE-2009-1788 libsndfile VOC file heap based buffer overflow https://bugzilla.redhat.com/show_bug.cgi?id=502657 [ 3 ] Bug #502658 - CVE-2009-1791 libsndfile AIFF file heap based buffer overflow https://bugzilla.redhat.com/show_bug.cgi?id=502658 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update libsndfile' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at http://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ Fedora-package-announce mailing list Fedora-package-announce@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-ann... (Log in to post comments)
|
|||||||||||||||||||