[MacPorts] #60820: libsndfile 1.0.28 has multiple security issues
MacPorts
noreply at macports.org
Sun Jul 12 07:44:42 UTC 2020
#60820: libsndfile 1.0.28 has multiple security issues
-----------------------+------------------------
Reporter: manxorist | Owner: (none)
Type: update | Status: new
Priority: Normal | Milestone:
Component: ports | Version:
Keywords: | Port: libsndfile
-----------------------+------------------------
libsndfile 1.0.28 contains multiple security issues. See
[https://www.cvedetails.com/vulnerability-
list/vendor_id-16294/product_id-36889/Libsndfile-Project-Libsndfile.html].
Amongst others, also CVE-2017-12562, which causes a crash in openmpt123
([https://lib.openmpt.org/]) when rendering to wav files. See
[https://bugs.openmpt.org/view.php?id=974] and
[https://github.com/erikd/libsndfile/issues/292].
Please either update to at least [http://www.mega-
nerd.com/libsndfile/files/1.0.29pre2/libsndfile-1.0.29pre2.tar.bz2] or get
the fixes for this CVE (and others) from
[https://github.com/erikd/libsndfile/tree/master]. See
[https://github.com/erikd/libsndfile/issues/470] for further discussion.
Other distributions (like e.g. Debian ([https://security-
tracker.debian.org/tracker/source-package/libsndfile])) have already fixed
these issues.
--
Ticket URL: <https://trac.macports.org/ticket/60820>
MacPorts <https://www.macports.org/>
Ports system for macOS
More information about the macports-tickets
mailing list