-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2020-73274c9df4 2020-01-15 00:14:08.530926 --------------------------------------------------------------------------------
Name : mingw-wavpack Product : Fedora 30 Version : 5.1.0 Release : 9.fc30 URL : http://www.wavpack.com/ Summary : Completely open audiocodec Description : WavPack is a completely open audio compression format providing lossless, high-quality lossy, and a unique hybrid compression mode. Although the technology is loosely based on previous versions of WavPack, the new version 4 format has been designed from the ground up to offer unparalleled performance and functionality.
-------------------------------------------------------------------------------- Update Information:
Security fixes for: CVE-2018-10536 CVE-2018-10537 CVE-2018-10538 CVE-2018-10539 CVE-2018-10540 CVE-2018-19840 CVE-2018-19841 CVE-2019-11498 CVE-2019-1010315 CVE-2019-1010319 CVE-2019-1010317 -------------------------------------------------------------------------------- ChangeLog:
* Sun Jan 5 2020 Franti��ek Dvo����k valtri@civ.zcu.cz - 5.1.0-9 - Autosetup macro - Security fix for CVE-2018-10536, CVE-2018-10537, CVE-2018-10538, CVE-2018-10539, CVE-2018-10540 - Security fix for CVE-2018-19840, CVE-2018-19841 - Security fix for CVE-2019-11498, CVE-2019-1010315 - Security fix for CVE-2019-1010319 - Security fix for CVE-2019-1010317 * Tue Oct 8 2019 Sandro Mani manisandro@gmail.com - 5.1.0-8 - Rebuild (Changes/Mingw32GccDwarf2) * Thu Jul 25 2019 Fedora Release Engineering releng@fedoraproject.org - 5.1.0-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1574719 - CVE-2018-10536 wavpack: out of bounds write in ParseRiffHeaderConfig in riff.c https://bugzilla.redhat.com/show_bug.cgi?id=1574719 [ 2 ] Bug #1729418 - CVE-2019-1010315 wavpack: divide by zero in ParseDsdiffHeaderConfig leads to crash https://bugzilla.redhat.com/show_bug.cgi?id=1729418 [ 3 ] Bug #1737740 - CVE-2019-1010319 wavpack: use of uninitialized variable in ParseWave64HeaderConfig leads to DoS https://bugzilla.redhat.com/show_bug.cgi?id=1737740 [ 4 ] Bug #1737747 - CVE-2019-1010317 wavpack: use of uninitialized variable in ParseCaffHeaderConfig leads to DoS https://bugzilla.redhat.com/show_bug.cgi?id=1737747 --------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-73274c9df4' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------