[LAD] Just released libsndfile-1.0.25

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
To: <linux-audio-dev@...>
Date: Wednesday, July 13, 2011 - 12:06 pm

Hi all,

I've just released version 1.0.25. Main thing is a fix for Secunia
Advisory SA45125, a heap overflow in the PAF file parser. Since the
heap was getting overwritten with zeroes, there is little that an
attacker can acheive other than causing a program that uses
libsndfile to segfault.

Secunia suggest remote system access is possible:


but I call bullshit.

Secunia also join my shit list for going public with this a week
early that they originally stated, meaning I had to rush this
release out. The rush of the release means the windows builds
have not been tested as thoroughly as I would have liked.

As usual, its available from:


Erik de Castro Lopo
Linux-audio-dev mailing list

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

This is the only confirmed message in this thread.