Package: flac | Debian Sources

Package: flac / 1.3.0-3

Metadata

Package	Version	Patches format
flac	1.3.0-3	3.0 (quilt)

Patch series

view the series file

Patch	File delta	Description
Revert man Makefile Fail more gracefully.patch \| (download)	man/Makefile.am \| 6 2 + 4 - 0 ! 1 file changed, 2 insertions(+), 4 deletions(-)	[patch] revert "man/makefile : fail more gracefully." This reverts commit 023f06f6cbc316127ca1a4fb4178ef344a413bd5.
0002 Add missing config.h includes.patch \| (download)	src/libFLAC++/metadata.cpp \| 4 4 + 0 - 0 ! src/libFLAC++/stream_decoder.cpp \| 4 4 + 0 - 0 ! src/libFLAC++/stream_encoder.cpp \| 4 4 + 0 - 0 ! src/plugin_xmms/charset.c \| 4 4 + 0 - 0 ! src/plugin_xmms/configure.c \| 4 4 + 0 - 0 ! src/plugin_xmms/fileinfo.c \| 4 4 + 0 - 0 ! src/plugin_xmms/http.c \| 4 4 + 0 - 0 ! src/plugin_xmms/plugin.c \| 4 4 + 0 - 0 ! src/plugin_xmms/tag.c \| 4 4 + 0 - 0 ! src/share/grabbag/alloc.c \| 4 4 + 0 - 0 ! src/test_libFLAC++/encoders.cpp \| 4 4 + 0 - 0 ! src/test_libFLAC++/main.cpp \| 4 4 + 0 - 0 ! src/test_libFLAC++/metadata.cpp \| 4 4 + 0 - 0 ! src/test_libFLAC++/metadata_object.cpp \| 4 4 + 0 - 0 ! src/utils/flactimer/main.cpp \| 4 4 + 0 - 0 ! 15 files changed, 60 insertions(+)	[patch 2/3] add missing config.h includes All C and C++ files must include config.h Signed-off-by: Erik de Castro Lopo <erikd@mega-nerd.com>
0003 metaflac Fix local_strcat to terminate string correc.patch \| (download)	src/metaflac/utils.c \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	[patch 3/3] metaflac : fix local_strcat() to terminate string correctly. The NUL char is written at incorrect place when the destination string is longer than 0, which causes memory corruption. It was broken by commit 2d6354ff2a618a79d40edbd4f208b4b07c5422f1. Signed-off-by: Erik de Castro Lopo <erikd@mega-nerd.com>
requires flac.patch \| (download)	src/libFLAC++/flac++.pc.in \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	chain::status::as_cstring uses FLAC__Metadata_ChainStatusString which is in libFLAC. Since the function is inline, every program calling this function must also link with -lflac, but this is missing in flac++.pc. Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=713645
CVE 2014 8962.patch \| (download)	src/libFLAC/stream_decoder.c \| 6 5 + 1 - 0 ! 1 file changed, 5 insertions(+), 1 deletion(-)	[patch] src/libflac/stream_decoder.c : fix buffer read overflow. This is CVE-2014-8962. Reported-by: Michele Spagnuolo, Google Security Team <mikispag@google.com>
CVE 2014 9028.patch \| (download)	src/libFLAC/stream_decoder.c \| 3 2 + 1 - 0 ! 1 file changed, 2 insertions(+), 1 deletion(-)	[patch] src/libfacl/stream_decoder.c : fail safely to avoid a heap overflow. A file provided by the reporters caused the stream decoder to write to un-allocated heap space resulting in a segfault. The solution is to error out (by returning false from read_residual_partitioned_rice_()) instead of trying to continue to decode. Fixes: CVE-2014-9028 Reported-by: Michele Spagnuolo, Google Security Team <mikispag@google.com>
CVE 2014 9028 2.patch \| (download)	src/libFLAC/stream_decoder.c \| 3 2 + 1 - 0 ! 1 file changed, 2 insertions(+), 1 deletion(-)	[patch] src/libflac/stream_decoder.c : fail safely to avoid a heap overflow. This fix is closely related to the fix for CVE-2014-9028. When that fix went public Miroslav Lichvar noticed a similar potential problem spot in the same function and was able to craft a file to trigger a heap write overflow. Reported-by : Miroslav Lichvar <mlichvar@redhat.com>

1