openSUSE Build Service

Security update for libmysofa

This update for libmysofa fixes the following issues:

- Added security backports:
gh#hoene/libmysofa#136 - CVE-2020-36152 - boo#1181977
gh#hoene/libmysofa#138 - CVE-2020-36148 - boo#1181981
gh#hoene/libmysofa#137 - CVE-2020-36149 - boo#1181980
gh#hoene/libmysofa#134 - CVE-2020-36151 - boo#1181978
gh#hoene/libmysofa#135 - CVE-2020-36150 - boo#1181979
gh#hoene/libmysofa#96 - CVE-2020-6860 - boo#1182883

Update to version 0.9.1

* Extended angular neighbor search to 'close the sphere'
* Added and exposed mysofa_getfilter_float_nointerp method
* Fixed various security issues
CVE-2019-16091 - boo#1149919
CVE-2019-16092 - boo#1149920
CVE-2019-16093 - boo#1149922
CVE-2019-16094 - boo#1149924
CVE-2019-16095 - boo#1149926
CVE-2019-20016 - boo#1159839
CVE-2019-20063 - boo#1160040

Submitted by Mia Herkt (mia)

Fixed bugs

VUL-1: CVE-2019-16095: libmysofa: invalid read in getDimension in hrtf/reader.c

bnc#1149919

VUL-1: CVE-2019-16091: libmysofa: out-of-bounds read in directblockRead in hdf/fractalhead.c.

bnc#1159839

VUL-1: CVE-2019-20016: libmysofa: improper restriction of recursive function calls in readOHDRHeaderMessageDatatype in dataobject.c and directblockRead in fractalhead.c may lead to stack consumption

bnc#1182883

VUL-1: CVE-2020-6860: libmysofa: stack-based buffer overflow in readDataVar

bnc#1181979

VUL-1: CVE-2020-36150: libmysofa: Incorrect handling of input data in loudness function

bnc#1149922

VUL-1: CVE-2019-16093: libmysofa invalid write in readOHDRHeaderMessageDataLayout in hdf/dataobject.c

bnc#1181978

VUL-1: CVE-2020-36151: libmysofa: Incorrect handling of input data in mysofa_resampler_reset_mem function

bnc#1181981

VUL-1: CVE-2020-36148: libmysofa: Incorrect handling of input data in verifyAttribute function

bnc#1181977

VUL-1: CVE-2020-36152: libmysofa: Buffer overflow in readDataVar in hdf/dataobject.c

bnc#1149920

VUL-1: CVE-2019-16092: libmysofa: NULL pointer dereference in getHrtf in hrtf/reader.c

bnc#1149924

VUL-1: CVE-2019-16094: libmysofa: invalid read in readOHDRHeaderMessageDataLayout in hdf/dataobject.c

bnc#1160040

VUL-1: CVE-2019-20063: libmysofa: hdf/dataobject.c in libmysofa before 0.8 has an uninitialized use of memory, as demonstrated by mysofa2json.

bnc#1181980

VUL-1: CVE-2020-36149: libmysofa: Incorrect handling of input data in changeAttribute function

Places

Fixed bugs

Selected Binaries

Places