CVE-2017-17054, http://cve.circl.lu/cve/CVE-2017-17054
Published 2017-11-29T02:29:00.257000
In aubio 0.4.6, a divide-by-zero error exists in the function new_aubio_source_wavread() in source_wavread.c, which may lead to DoS when playing a crafted audio file.

CVE-2018-14521, http://cve.circl.lu/cve/CVE-2018-14521
Published 2018-07-23T04:29:00.467000
An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_source_avcodec_readframe in io/source_avcodec.c, as demonstrated by aubiomfcc.

CVE-2018-14522, http://cve.circl.lu/cve/CVE-2018-14522
Published 2018-07-23T04:29:00.513000
An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_pitch_set_unit in pitch/pitch.c, as demonstrated by aubionotes.

CVE-2018-14523, http://cve.circl.lu/cve/CVE-2018-14523
Published 2018-07-23T04:29:00.560000
An issue was discovered in aubio 0.4.6. A buffer over-read can occur in new_aubio_pitchyinfft in pitch/pitchyinfft.c, as demonstrated by aubionotes.

x86 stable
amd64 stable
sparc done.
ppc64 stable. all arches stable
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=640bb6cccb3c071724ae448942c4e37e9d6821f0

commit 640bb6cccb3c071724ae448942c4e37e9d6821f0
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2018-10-06 19:33:01 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2018-10-06 19:45:14 +0000

    media-libs/aubio: Security cleanup

    Bug: https://bugs.gentoo.org/667510
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>
    Package-Manager: Portage-2.3.50, Repoman-2.3.11

 media-libs/aubio/Manifest | 3 -
 media-libs/aubio/aubio-0.4.1-r1.ebuild | 104 --------------------
 media-libs/aubio/aubio-0.4.2-r1.ebuild | 105 --------------------
 media-libs/aubio/aubio-0.4.6.ebuild | 111 ----------------------
 media-libs/aubio/files/aubio-0.4.1-ffmpeg29.patch | 22 -----
 media-libs/aubio/files/aubio-0.4.6-ffmpeg4.patch | 13 ---
 6 files changed, 358 deletions(-)

proaudio is done here, anyway...