Overview

Request 501784 accepted

- Add 0001-Always-check-the-number-of-coefficients.patch to put in code
an assert that was removed when building the code for a release
which checks the number of coefficients in WAVE.cpp .
- Add 0002-Check-for-multiplication-overflow-in-MSADPCM-decodeS.patch
to check for a multiplication overflow in MSADPCM.cpp .
- Add 0003-Check-for-multiplication-overflow-in-sfconvert.patch to
check that a multiplication doesn't overflow when calculating a
buffer size and reduce it if necessary.
- Add 0004-clamp-index-values-to-fix-index-overflow-in-IMA.cpp.patch
to clamp index values to fix an index overflow in IMA.cpp .
- Add 0005-Actually-fail-when-error-occurs-in-parseFormat.patch
so when there's an unsupported number of bits per sample or an invalid
number of samples per block, don't only print an error message using
the error handler, but actually stop parsing the file.
- Add 0006-Check-for-division-by-zero-in-BlockCodec-runPull.patch to
check for division by zero in BlockCodec::runPull
- These patches fix boo#1026978 (CVE-2017-6837, CVE-2017-6838,
CVE-2017-6839), boo#1026979 (CVE-2017-6827),
boo#1026980 (CVE-2017-6828), boo#1026981 (CVE-2017-6829),
boo#1026982 (CVE-2017-6830), boo#1026983 (CVE-2017-6831),
boo#1026984 (CVE-2017-6832), boo#1026985 (CVE-2017-6833),
boo#1026986 (CVE-2017-6834), boo#1026987 (CVE-2017-6836),
boo#1026988 (CVE-2017-6835).

Request History
alarrosa (Antonio Larrosa) created request



scarabeus_iv (Tomáš Chvátal) accepted request
