FS#57434 : [libsndfile] [lib32-libsndfile] 1.0.28: CVE galore

Comment by Pascal Ernster (hardfalcon) - Friday, 12 July 2019, 09:18 GMT

Upstream has "released" (but not really announced anywhere aside from a comment on an issue on their Github bugtracker) pre-release 2 of libsndfile 1.0.29:

https://github.com/erikd/libsndfile/issues/470#issuecomment-501893463

Also, I've put together ready-made git-based PKGBUILDs for both the libsndfile and lib32-libsndfile packages, in the desperate hope that somebody will actually give a fuck about Archlinux shipping packages with a dozen unfixed CVEs.

Comment by Pascal Ernster (hardfalcon) - Thursday, 17 September 2020, 14:22 GMT

Comment by Manuel Hartung (pixlar) - Saturday, 06 February 2021, 21:16 GMT

Comment by loqs (loqs) - Saturday, 06 February 2021, 21:50 GMT

Comment by Manuel Hartung (pixlar) - Saturday, 06 February 2021, 21:52 GMT

@loqs wonderful - any news when this will be deployed? can one help testing? i could at least test my case ...

Comment by Pascal Ernster (hardfalcon) - Saturday, 06 February 2021, 22:55 GMT

I've just signed off on both libsndfile 1.0.31-1 and lib32-libsndfile 1.0.31-1, but both package require one additional signoff to be moved from testing/multilib-testing to extra/multilib.

Loading...