Change History (4)
comment:1 by , 7 years ago
comment:2 by , 7 years ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
comment:4 by , 7 years ago
LAME 3.100 has been released including fixes to security vulnerabilities. Copy-paste from history:

Rogério Brito
- Don't include the debian directory as one that is needed during builds. Patch taken from Debian's packaging of lame.
- Resurrect Owen Taylor's code dated from 97-11-3 to properly deal with GTK1. This was transplanted back from aclocal.m4 with a patch provided by Andres Mejia. This change makes it easy to regenerate autotools' files with a simple invocation of autoconf -vfi.
- Fix possible race condition causing build failures in libmp3lame. Discovered in automated builds by the Debian project with patch provided by Andres Mejia.

Robert Hegemann
- Improved detection of MPEG audio data in RIFF WAVE files. Tracker item [ 3545112 ] Invalid sampling detection
- New switch --gain <decibel>, range -20.0 to +12.0, a more convenient way to apply Gain adjustment in decibels, than the use of --scale <factor>.
- Fix for tracker item [ 3558466 ] Bug in path handling
- Fix for tracker item [ 3567844 ] problem with Tag genre
- Fix for tracker item [ 3565659 ] no progress indication with pipe input
- Fix for tracker item [ 3544957 ] scale (empty) silent encode without warning
- Fix for tracker item [ 3580176 ] environment variable LAMEOPT doesn't work anymore
- Fix for tracker item [ 3608583 ] input file name displayed with wrong character encoding (on windows console with CP_UTF8)
- Fix for bug ticket [ #447 ] Fix dereference NULL and Buffer not NULL terminated issues. Thanks to Surabhi Mishra
- Fix for bug ticket [ #445 ] dereference of a null pointer possible in loop. Thanks to Renu Tyagi
- Fix for bug ticket [ #449 ] Make sure functions with SSE instructions maintain their own properly aligned stack. Thanks to Fabian Greffrath
- Fix for bug ticket [ #458 ] Multiple Stack and Heap Corruptions from Malicious File. Thanks to Gareth Evans and Elio Blanca
- Fix for bug ticket [ #460 ] A division by zero vulnerability. Thanks to Wang Shiyang, Liu Bingchang
- Fix for bug ticket [ #461 ] CVE-2017-9410 fill_buffer_resample function in libmp3lame/util.c heap-based buffer over-read and ap
- Fix for bug ticket [ #462 ] CVE-2017-9411 fill_buffer_resample function in libmp3lame/util.c invalid memory read and application crash
- Fix for bug ticket [ #463 ] CVE-2017-9412 unpack_read_samples function in frontend/get_audio.c invalid memory read and application crash
- Fix for bug ticket [ #434 ] clip detect scale suggestion unaware of scale input value
- HIP decoder bug fixed: decoding mixed blocks of lower sample frequency Layer3 data resulted in internal buffer overflow (write). Thanks to Henri Salo
First release since 2012. Over 700 lines in the change log. No release notes.