Bug 607054 (CVE-2016-10169, CVE-2016-10170, CVE-2016-10171, CVE-2016-10172)

Summary:	<media-sound/wavpack-5.1.0: Several out of bounds reads
Product:	Gentoo Security	Reporter:	Hanno Böck <hanno>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	minor	CC:	sound
Priority:	Normal	Flags:	stable-bot: sanity-check+
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	http://www.openwall.com/lists/oss-security/2017/01/28/9
Whiteboard:	B3 [noglsa cve]
Package list:	=media-sound/wavpack-5.1.0	Runtime testing required:	---
Bug Depends on:	609168
Bug Blocks:

Description Hanno Böck gentoo-dev

2017-01-24 11:36:03 UTC

See here:
http://www.openwall.com/lists/oss-security/2017/01/23/4

4 out of bounds read errors, yet all fixed in one commit. Upstream version 5.1.0 contains the fix, please bump.

Comment 1 Alexis Ballier gentoo-dev

2017-01-29 12:05:43 UTC

wavpack 5.1.0 can go stable i think

Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev

2017-01-29 23:57:50 UTC

@ Arches,

please test and mark stable: =media-sound/wavpack-5.1.0

Comment 3 Agostino Sarubbo gentoo-dev

2017-01-30 13:09:56 UTC

amd64 stable

Comment 4 Agostino Sarubbo gentoo-dev

2017-01-31 11:44:33 UTC

x86 stable

Comment 5 Jeroen Roovers (RETIRED) gentoo-dev

2017-01-31 13:51:39 UTC

Stable for PPC64.

Comment 6 Jeroen Roovers (RETIRED) gentoo-dev

2017-01-31 13:56:08 UTC

Stable for HPPA.

Comment 7 Tobias Klausmann (RETIRED) gentoo-dev

2017-01-31 15:52:52 UTC

Stable on alpha.

Comment 8 Michael Weber (RETIRED) gentoo-dev

2017-02-08 00:39:54 UTC

ppc stable

Comment 9 Agostino Sarubbo gentoo-dev

2017-02-17 10:58:37 UTC

sparc stable

Comment 10 Agostino Sarubbo gentoo-dev

2017-02-18 14:46:11 UTC

ia64 stable

Comment 11 Markus Meier gentoo-dev

2017-02-25 07:48:56 UTC

arm stable, all arches done.

Comment 12 Aaron Bauman (RETIRED) gentoo-dev

2017-02-26 07:39:19 UTC

GLSA Vote: No