Mageia alert MGASA-2021-0271 (wavpack) [LWN.net]


From:
               Mageia Updates <buildsystem-daemon@mageia.org>
To:
               updates-announce@ml.mageia.org
Subject:
               [updates-announce] MGASA-2021-0271: Updated wavpack packages fix a security vulnerability
Date:
               Wed, 23 Jun 2021 19:13:56 +0200
Message-ID:
               <20210623171356.3BCD99FF35@duvel.mageia.org>
Archive-link:
               Article
MGASA-2021-0271 - Updated wavpack packages fix a security vulnerability

Publication date: 23 Jun 2021
URL: https://advisories.mageia.org/MGASA-2021-0271.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-35738

Description:
WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c
because of an integer overflow in a malloc argument (CVE-2020-35738).

References:
- https://bugs.mageia.org/show_bug.cgi?id=28085
- https://ubuntu.com/security/notices/USN-4682-1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3...

SRPMS:
- 7/core/wavpack-5.1.0-4.2.mga7

From:		Mageia Updates <buildsystem-daemon@mageia.org>
To:		updates-announce@ml.mageia.org
Subject:		[updates-announce] MGASA-2021-0271: Updated wavpack packages fix a security vulnerability
Date:		Wed, 23 Jun 2021 19:13:56 +0200
Message-ID:		<20210623171356.3BCD99FF35@duvel.mageia.org>
Archive-link:		Article