[MacPorts] #60820: libsndfile 1.0.28 has multiple security issues
MacPorts
noreply at macports.org
Mon Jul 13 00:26:51 UTC 2020
#60820: libsndfile 1.0.28 has multiple security issues
-------------------------+--------------------
Reporter: manxorist | Owner: (none)
Type: update | Status: new
Priority: Normal | Milestone:
Component: ports | Version:
Resolution: | Keywords:
Port: libsndfile |
-------------------------+--------------------
Comment (by ryandesign):
Replying to [ticket:60820 manxorist]:
> Please either update to at least [http://www.mega-
nerd.com/libsndfile/files/1.0.29pre2/libsndfile-1.0.29pre2.tar.bz2] or get
the fixes for this CVE (and others) from
[https://github.com/erikd/libsndfile/tree/master]. See
[https://github.com/erikd/libsndfile/issues/470] for further discussion.
Usually we would like to use stable releases. In this case the developer
has not made a stable release in over 3 years and complains about not
having time to do a proper release. While I understand his position it
doesn't help us get working software to our users.
It looks like an additional CVE was fixed on master after 1.0.29pre2 so
maybe the simplest would be for us to use what's currently master, and
update it periodically if new commits appear there, and then return to
stable versions if and when 1.0.29 final is released.
--
Ticket URL: <https://trac.macports.org/ticket/60820#comment:2>
MacPorts <https://www.macports.org/>
Ports system for macOS
More information about the macports-tickets
mailing list