[SECURITY] [DLA 2722-1] libsndfile security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2722-1] libsndfile security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Thu, 29 Jul 2021 22:33:14 +0000 (UTC)
Message-id: <[🔎] alpine.DEB.2.21.2107292232100.4062@postfach.intern.alteholz.me>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2722-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
July 30, 2021                                 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : libsndfile
Version        : 1.0.27-3+deb9u2
CVE ID         : CVE-2021-3246

An issue has been found in libsndfile, a library for reading/writing audiofiles. A crafted WAV file can trigger a heap buffer overflow and mightallow exectution of arbitrary code.



For Debian 9 stretch, this problem has been fixed in version
1.0.27-3+deb9u2.

We recommend that you upgrade your libsndfile packages.

For the detailed security status of libsndfile please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libsndfile

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmEDLKpfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEchQQ/+O0n85LCPSciwYPN4kCi2Duh5YisSakNyuq1PB6nJA9C9dO9KHoi4HbDJ
Ynu2QJCHVxhz1COv31mCl+K6KO/r+huinShmhsKJS/3141ZrnzbDtYng2BoGacGG
WrJnIMFmmQBePhKmZFNpWO06OXVEYMXzOLkdf0mPPwA7OankfR0dCw1H/1HaRV0k
9DV05A8aIxo9y8Dxm2L+FUW1s+rglokVnwRX8XZSgolUCtZQXanCpewb4SMce4Nf
TP760Qem9JldUDuajoVTqG7+r48XuN+0TKD8t2marbuXx0nfvP/tby/eZh1xhWi7
o9FkmhxV74IoPCyz9DEA8GSac3r4pYeMNcXN+pJTw5SHVYAhQH/Jqpao6NLLLg+5
2dD2Tlwzn/mAfoWuOD4wrwqWHlmzRV5oPtcV2efMbhrwcvBZRU7DLvsyZhBRSHFh
+W0gLtxW57yGpQAqVGT+q8k5obPB7u1DMMRRqXAqriM1j/ww3HIGqvYssPLz1xA0
9qljSj7rUpGRxBW/Usi3yijfEZOq/RxyaGkF8pVwdoKjECx1BfHL5aopUxtZZeef
98hZvG4BO0wVb4VwNcBjszgnkBF36X/KQ6NLzHrbBnJu6Sd4ros/SSKrUAtYFaVv
VI0sSYPhiROWPUpWwy6WVjtzM3khYKt6wz6yRgifSm4YAlwrqng=
=0a1C
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2721-1] drupal7 security update
Next by Date: [SECURITY] [DLA 2723-1] linuxptp security update
Previous by thread: [SECURITY] [DLA 2721-1] drupal7 security update
Next by thread: [SECURITY] [DLA 2723-1] linuxptp security update
Index(es):
- Date
- Thread