Overview

File _patchinfo of Package patchinfo.15940

<patchinfo incident="15940">
  <issue tracker="cve" id="2020-6860"/>
  <issue tracker="cve" id="2019-16092"/>
  <issue tracker="cve" id="2020-36151"/>
  <issue tracker="cve" id="2020-36152"/>
  <issue tracker="cve" id="2019-16094"/>
  <issue tracker="cve" id="2020-36149"/>
  <issue tracker="cve" id="2020-36148"/>
  <issue tracker="cve" id="2019-20016"/>
  <issue tracker="cve" id="2019-16093"/>
  <issue tracker="cve" id="2019-16095"/>
  <issue tracker="cve" id="2019-20063"/>
  <issue tracker="cve" id="2020-36150"/>
  <issue tracker="cve" id="2019-16091"/>
  <issue tracker="bnc" id="1149926">VUL-1: CVE-2019-16095: libmysofa: invalid read in getDimension in hrtf/reader.c</issue>
  <issue tracker="bnc" id="1149919">VUL-1: CVE-2019-16091: libmysofa: out-of-bounds read in directblockRead in hdf/fractalhead.c.</issue>
  <issue tracker="bnc" id="1159839">VUL-1: CVE-2019-20016: libmysofa: improper restriction of recursive function calls in readOHDRHeaderMessageDatatype in dataobject.c and directblockRead in fractalhead.c may lead to stack consumption</issue>
  <issue tracker="bnc" id="1182883">VUL-1: CVE-2020-6860: libmysofa: stack-based buffer overflow in readDataVar</issue>
  <issue tracker="bnc" id="1181979">VUL-1: CVE-2020-36150: libmysofa: Incorrect handling of input data in loudness function</issue>
  <issue tracker="bnc" id="1149922">VUL-1: CVE-2019-16093: libmysofa invalid write in readOHDRHeaderMessageDataLayout in hdf/dataobject.c</issue>
  <issue tracker="bnc" id="1181978">VUL-1: CVE-2020-36151: libmysofa: Incorrect handling of input data in mysofa_resampler_reset_mem function</issue>
  <issue tracker="bnc" id="1181981">VUL-1: CVE-2020-36148: libmysofa: Incorrect handling of input data in verifyAttribute function</issue>
  <issue tracker="bnc" id="1181977">VUL-1: CVE-2020-36152: libmysofa: Buffer overflow in readDataVar in hdf/dataobject.c</issue>
  <issue tracker="bnc" id="1149920">VUL-1: CVE-2019-16092: libmysofa: NULL pointer dereference in getHrtf in hrtf/reader.c</issue>
  <issue tracker="bnc" id="1149924">VUL-1: CVE-2019-16094: libmysofa: invalid read in readOHDRHeaderMessageDataLayout in hdf/dataobject.c</issue>
  <issue tracker="bnc" id="1160040">VUL-1: CVE-2019-20063: libmysofa: hdf/dataobject.c in libmysofa before 0.8 has an uninitialized use of memory, as demonstrated by mysofa2json.</issue>
  <issue tracker="bnc" id="1181980">VUL-1: CVE-2020-36149: libmysofa: Incorrect handling of input data in changeAttribute function</issue>
  <packager>mia</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for libmysofa</summary>
  <description>This update for libmysofa fixes the following issues:

- Added security backports:
    gh#hoene/libmysofa#136 - CVE-2020-36152 - boo#1181977
    gh#hoene/libmysofa#138 - CVE-2020-36148 - boo#1181981
    gh#hoene/libmysofa#137 - CVE-2020-36149 - boo#1181980
    gh#hoene/libmysofa#134 - CVE-2020-36151 - boo#1181978
    gh#hoene/libmysofa#135 - CVE-2020-36150 - boo#1181979
    gh#hoene/libmysofa#96 - CVE-2020-6860 - boo#1182883

Update to version 0.9.1

  * Extended angular neighbor search to 'close the sphere'
  * Added and exposed mysofa_getfilter_float_nointerp method
  * Fixed various security issues
    CVE-2019-16091 - boo#1149919
    CVE-2019-16092 - boo#1149920
    CVE-2019-16093 - boo#1149922
    CVE-2019-16094 - boo#1149924
    CVE-2019-16095 - boo#1149926
    CVE-2019-20016 - boo#1159839
    CVE-2019-20063 - boo#1160040
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places