File _patchinfo of Package patchinfo.1366

<patchinfo incident="1366">
  <issue id="1026978" tracker="bnc">VUL-1: CVE-2017-6837, CVE-2017-6838, CVE-2017-6839: audiofile: multiple ubsan crashes</issue>
  <issue id="1026979" tracker="bnc">VUL-1: CVE-2017-6827: audiofile: heap-based buffer overflow in MSADPCM::initializeCoefficients (MSADPCM.cpp)</issue>
  <issue id="1026980" tracker="bnc">VUL-1: CVE-2017-6828: audiofile: heap-based buffer overflow in readValue (FileHandle.cpp)</issue>
  <issue id="1026981" tracker="bnc">VUL-1: CVE-2017-6829: audiofile: global buffer overflow in decodeSample (IMA.cpp)</issue>
  <issue id="1026982" tracker="bnc">VUL-1: CVE-2017-6830: audiofile: heap-based buffer overflow in alaw2linear_buf (G711.cpp)</issue>
  <issue id="1026983" tracker="bnc">VUL-1: CVE-2017-6831: audiofile: heap-based buffer overflow in IMA::decodeBlockWAVE (IMA.cpp)</issue>
  <issue id="1026984" tracker="bnc">VUL-1: CVE-2017-6832: audiofile: heap-based buffer overflow in MSADPCM::decodeBlock (MSADPCM.cpp)</issue>
  <issue id="1026985" tracker="bnc">VUL-1: CVE-2017-6833: audiofile: divide-by-zero in BlockCodec::runPull (BlockCodec.cpp)</issue>
  <issue id="1026986" tracker="bnc">VUL-1: CVE-2017-6834: audiofile: heap-based buffer overflow in ulaw2linear_buf (G711.cpp)</issue>
  <issue id="1026987" tracker="bnc">VUL-1: CVE-2017-6836: audiofile: heap-based buffer overflow in Expand3To4Module::run (SimpleModule.h)</issue>
  <issue id="1026988" tracker="bnc">VUL-1: CVE-2017-6835: audiofile: divide-by-zero in BlockCodec::reset1 (BlockCodec.cpp)</issue>
  <issue id="949399" tracker="bnc">VUL-1: CVE-2015-7747: audiofile: Re: CVE Request: Audio File Library</issue>
  <issue id="2017-6837" tracker="cve" />
  <issue id="2017-6838" tracker="cve" />
  <issue id="2017-6839" tracker="cve" />
  <issue id="2017-6827" tracker="cve" />
  <issue id="2017-6828" tracker="cve" />
  <issue id="2017-6829" tracker="cve" />
  <issue id="2017-6830" tracker="cve" />
  <issue id="2017-6831" tracker="cve" />
  <issue id="2017-6832" tracker="cve" />
  <issue id="2017-6833" tracker="cve" />
  <issue id="2017-6834" tracker="cve" />
  <issue id="2017-6836" tracker="cve" />
  <issue id="2017-6835" tracker="cve" />
  <issue id="2015-7747" tracker="cve" />
  <category>security</category>
  <rating>low</rating>
  <packager>sbrabec</packager>
  <description>
This audiofile update fixes the following issue:

Security issues fixed:
- CVE-2015-7747: Fixed buffer overflow issue when changing both number of channels and sample format. (bsc#949399)
- CVE-2017-6827: heap-based buffer overflow in MSADPCM::initializeCoefficients (MSADPCM.cpp) (bsc#1026979)
- CVE-2017-6828: heap-based buffer overflow in readValue (FileHandle.cpp) (bsc#1026980)
- CVE-2017-6829: global buffer overflow in decodeSample (IMA.cpp) (bsc#1026981)
- CVE-2017-6830: heap-based buffer overflow in alaw2linear_buf (G711.cpp) (bsc#1026982)
- CVE-2017-6831: heap-based buffer overflow in IMA::decodeBlockWAVE (IMA.cpp) (bsc#1026983)
- CVE-2017-6832: heap-based buffer overflow in MSADPCM::decodeBlock (MSADPCM.cpp) (bsc#1026984)
- CVE-2017-6833: divide-by-zero in BlockCodec::runPull (BlockCodec.cpp) (bsc#1026985)
- CVE-2017-6834: heap-based buffer overflow in ulaw2linear_buf (G711.cpp) (bsc#1026986)
- CVE-2017-6835: divide-by-zero in BlockCodec::reset1 (BlockCodec.cpp) (bsc#1026988)
- CVE-2017-6836: heap-based buffer overflow in Expand3To4Module::run (SimpleModule.h) (bsc#1026987)
- CVE-2017-6837, CVE-2017-6838, CVE-2017-6839: multiple ubsan crashes (bsc#1026978)
</description>
  <summary>Security update for audiofile</summary>
</patchinfo>