From ${URL} :

Fabrizio Gennari reported an issue in The Audio File library to the Ubuntu bugtracker:
https://bugs.launchpad.net/ubuntu/+source/audiofile/+bug/1502721

His description included, in part:

When libaudiofile is used to change both the number of channels of an audio file (e.g. from stereo to mono) and the sample format (e.g. from 16-bit samples to 8-bit samples), the output file will contain corrupted data. If the new sample format is smaller than the old one, there is a risk of buffer overflow: e.g. when the input file has 16-bit samples and the output file has 8-bit samples, afReadFrames will treat the buffer to read the samples (argument void *data) as a pointer to int16_t instead of int8_t, therefore it will write past its end.

He proposed a solution and test case to the Audio File library:
https://github.com/mpruett/audiofile/pull/25/files

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
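An added illustration, not code from libaudiofile, the linked pull request, or any commenter on this bug: a self-contained C model of the sizing mismatch the report describes, with a guard region placed after the caller's buffer to detect writes past its end. `model_read_frames` and `guard_bytes_clobbered` are hypothetical names, and the reader is a simplified stand-in, not the library's `afReadFrames`.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define GUARD_BYTES 64   /* constructed guard size; also caps the modelled overrun */
#define GUARD_FILL  0xA5

/* Hypothetical stand-in for the reader: downmix stereo int16 input to mono.
 * wide_store != 0 stores int16_t samples into `data` (the mismatch the report
 * describes); wide_store == 0 stores int8_t samples as the caller asked. */
static void model_read_frames(const int16_t *in, void *data, int frames, int wide_store)
{
    for (int i = 0; i < frames; i++) {
        int mono = (in[2 * i] + in[2 * i + 1]) / 2;
        if (wide_store)
            ((int16_t *)data)[i] = (int16_t)mono;
        else
            ((int8_t *)data)[i] = (int8_t)(mono >> 8);
    }
}

/* Size the buffer for mono 8-bit output, put a guard region behind it, run the
 * reader, return how many guard bytes changed (0 = in bounds, -1 = error). */
int guard_bytes_clobbered(int frames, int wide_store)
{
    if (frames < 0 || frames > GUARD_BYTES)
        return -1;  /* keep the modelled overrun inside our own allocation */
    size_t want = (size_t)frames * 1 /* channel */ * sizeof(int8_t);
    unsigned char *block = malloc(want + GUARD_BYTES);
    int16_t *in = calloc((size_t)frames * 2 + 1, sizeof(int16_t)); /* constructed silent stereo input */
    int hit = -1;
    if (block && in) {
        memset(block + want, GUARD_FILL, GUARD_BYTES);
        model_read_frames(in, block, frames, wide_store);
        hit = 0;
        for (size_t i = 0; i < GUARD_BYTES; i++)
            hit += block[want + i] != GUARD_FILL;
    }
    free(in);
    free(block);
    return hit;
}

int main(void)
{
    printf("8-bit store: %d, 16-bit store: %d guard bytes clobbered\n",
           guard_bytes_clobbered(32, 0), guard_bytes_clobbered(32, 1));
    return 0;
}
```

With 32 frames the 8-bit store leaves the guard intact, while the 16-bit store writes 64 bytes into a 32-byte buffer and clobbers 32 guard bytes.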
I created a PR which will add upstream's fix: https://github.com/gentoo/gentoo/pull/3581
Now in repository, https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d95fcc8b14612f4a91ab015436e4ea709ba1a7e4

@ Arches, please test and mark stable:
=media-libs/audiofile-0.3.6-r3
Stable for HPPA.
amd64 stable
x86 stable
sparc stable
ia64 stable
Stable on alpha.
ppc64 stable
ppc stable
arm stable, all arches done.
@maintainer(s), please clean.
New GLSA request filed.
cleanup done
No ACE/RCE, downgraded to B3.
GLSA Vote: No
Repository is clean, all done.