Package: soundtouch / 1.9.2-2+deb9u1

Metadata

Package Version Patches format
soundtouch 1.9.2-2+deb9u1 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
cve 2017 92xx.patch | (download)

source/SoundTouch/TDStretch.cpp | 7 6 + 1 - 0 !
1 file changed, 6 insertions(+), 1 deletion(-)

 fix cve-2017-9258, cve-2017-9259, cve-2017-9260
 Based on an upstream commit, original commit message was: "Added sanity
 checks against illegal input audio stream parameters e.g. wildly excessive
 samplerate".
 . 
 There is no reference to CVEs or bugs, the commit was made after disclosure
 of the CVEs and all three proofs of concept (crafted wav files) fail after
 this commit.
 . 
 The commit was made after version 2.0.0, so that version is also vulnerable.
 .
 Unrelated changes were stripped away by patch author, upstream commit author
 is Olli Parviainen <oparviai@iki.fi>.