CVE-2016-10169: global buffer overread in read_code / read_words.c
CVE-2016-10170: Heap out of bounds read in WriteCaffHeader / caff.c
CVE-2016-10171: heap out of bounds read in unreorder_channels / wvunpack.c
CVE-2016-10172: Heap out of bounds read in read_new_config_info / open_utils.c
---
A comment from upstream sais:
The current release [5.1.0] has been extensively tested by AFL and is probably the most robust WavPack release to date. It is also 100% functionally compatible with 4.80 (no broken apps).
https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc#commitcomment-20691383
http://www.wavpack.com/changelog.txt
main/wavpack/APKBUILD | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/main/wavpack/APKBUILD b/main/wavpack/APKBUILD
index a75d35b..2729177 100644
--- a/main/wavpack/APKBUILD+++ b/main/wavpack/APKBUILD
@@ -1,7 +1,8 @@
+# Contributor: Sergei Lukin <sergej.lukin@gmail.com># Contributor: Carlo Landmeter
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=wavpack
-pkgver=4.75.2+pkgver=5.1.0pkgrel=0
pkgdesc="Audio compression format with lossless, lossy, and hybrid compression modes"
url="http://www.wavpack.com/"
@@ -13,6 +14,13 @@ install=
subpackages="$pkgname-dev $pkgname-doc"
source="http://www.wavpack.com/${pkgname}-${pkgver}.tar.bz2"
+# secfixes:+# 5.1.0-r0:+# - CVE-2016-10169+# - CVE-2016-10170+# - CVE-2016-10171+# - CVE-2016-10172+_builddir="$srcdir"/$pkgname-$pkgver
prepare() {
cd "$_builddir"
@@ -49,6 +57,6 @@ package() {
make DESTDIR="$pkgdir" install || return 1
}
-md5sums="e8bbc4c3382f9148918ad7b896e10ac1 wavpack-4.75.2.tar.bz2"-sha256sums="7d31b34166c33c3109b45c6e4579b472fd05e3ee8ec6d728352961c5cdd1d6b0 wavpack-4.75.2.tar.bz2"-sha512sums="f4af9f74aff27d9503d97319a4749d901bd7563c7e3eed025128d58add09dcd16f873d18c54f4bad1df95cdadd9f0c8047f8186d5158c175e60c22ed2df39635 wavpack-4.75.2.tar.bz2"+md5sums="7f06272651f0c2292c1d0ba353386782 wavpack-5.1.0.tar.bz2"+sha256sums="1939627d5358d1da62bc6158d63f7ed12905552f3a799c799ee90296a7612944 wavpack-5.1.0.tar.bz2"+sha512sums="4c31616ae63c3a875afa20f26ce935f7a8f9921e2892b4b8388eca3ccd83b2d686f43eed8b9ec1dead934a1148401b9dced3b05f509b7942c48d7af31cf80a54 wavpack-5.1.0.tar.bz2"
--
2.8.3
---
Unsubscribe: alpine-aports+unsubscribe@lists.alpinelinux.org
Help: alpine-aports+help@lists.alpinelinux.org
---