id summary reporter owner description type status priority milestone component version severity resolution keywords cc 7161 libsndfile-1.0.26 Fernando de Oliveira Fernando de Oliveira " == Security Update == CVE-2014-9496, CVE-2014-9756, CVE-2015-7805 [http://www.mega-nerd.com/libsndfile/files/libsndfile-1.0.26.tar.gz] [http://www.mega-nerd.com/libsndfile/files/libsndfile-1.0.26.tar.gz.asc] [http://www.mega-nerd.com/libsndfile/NEWS] or [http://permalink.gmane.org/gmane.comp.audio.libsndfile.devel/705] {{{ Erik de Castro Lopo | 22 Nov 20:31 2015 Version 1.0.26 released Hi all, After an embarrasingly long time between releases, I am pleased to announce the release of libsndfile 1.0.26. Main things of note are: * Fix for CVE-2014-9496, SD2 buffer read overflow. * Fix for CVE-2014-9756, file_io.c divide by zero. * Fix for CVE-2015-7805, AIFF heap write overflow. * Add support for ALAC encoder in a CAF container. * Add support for Cart chunks in WAV files. * Minor bug fixes and improvements. Its available here: http://www.mega-nerd.com/libsndfile/#Download Cheers, Erik }}}" enhancement closed high 7.9 BOOK SVN normal fixed