Package: soundtouch / 1.9.2-2+deb9u1


Package Version Patches format
soundtouch 1.9.2-2+deb9u1 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
cve 2017 92xx.patch | (download)

source/SoundTouch/TDStretch.cpp | 7 6 + 1 - 0 !
1 file changed, 6 insertions(+), 1 deletion(-)

 fix cve-2017-9258, cve-2017-9259, cve-2017-9260
 Based on an upstream commit, original commit message was: "Added sanity
 checks against illegal input audio stream parameters e.g. wildly excessive
 There is no reference to CVEs or bugs, the commit was made after disclosure
 of the CVEs and all three proofs of concept (crafted wav files) fail after
 this commit.
 The commit was made after version 2.0.0, so that version is also vulnerable.
 Unrelated changes were stripped away by patch author, upstream commit author
 is Olli Parviainen <>.