FEDORA-EPEL-2017-abd82daec6

security update in Fedora EPEL 6 for lame

Status: stable 2 years ago

LAME 3.100 - October 13 2017

  • Rogério Brito
    • Don't include the debian directory as one that is needed during builds. Patch taken from Debian's packaging of lame.
    • Resurrect Owen Taylor's code dated from 97-11-3 to properly deal with GTK1. This was transplanted back from aclocal.m4 with a patch provided by Andres Mejia. This change makes it easy to regenerate autotools' files with a simple invocation of autoconf -vfi.
    • Fix possible race condition causing build failures in libmp3lame. Discovered in automated builds by the Debian project with patch provided by Andres Mejia.
  • Robert Hegemann
    • Improved detection of MPEG audio data in RIFF WAVE files. Tracker item [ 3545112 ] Invalid sampling detection
    • New switch --gain <decibel>, range -20.0 to +12.0, a more convenient way to apply Gain adjustment in decibels, than the use of --scale <factor>.
    • Fix for tracker item [ 3558466 ] Bug in path handling
    • Fix for tracker item [ 3567844 ] problem with Tag genre
    • Fix for tracker item [ 3565659 ] no progress indication with pipe input
    • Fix for tracker item [ 3544957 ] scale (empty) silent encode without warning
    • Fix for tracker item [ 3580176 ] environment variable LAMEOPT doesn't work anymore
    • Fix for tracker item [ 3608583 ] input file name displayed with wrong character encoding (on windows console with CP_UTF8)
    • Fix for bug ticket [ #447 ] Fix dereference NULL and Buffer not NULL terminated issues. Thanks to Surabhi Mishra
    • Fix for bug ticket [ #445 ] dereference of a null pointer possible in loop. Thanks to Renu Tyagi
    • Fix for bug ticket [ #449 ] Make sure functions with SSE instructions maintain their own properly aligned stack. Thanks to Fabian Greffrath
    • Fix for bug ticket [ #458 ] Multiple Stack and Heap Corruptions from Malicious File. Thanks to Gareth Evans and Elio Blanca
    • Fix for bug ticket [ #460 ] A division by zero vulnerability. Thanks to Wang Shiyang, Liu Bingchang
    • Fix for bug ticket [ #461 ] CVE-2017-9410 fill_buffer_resample function in libmp3lame/util.c heap-based buffer over-read and ap
    • Fix for bug ticket [ #462 ] CVE-2017-9411 fill_buffer_resample function in libmp3lame/util.c invalid memory read and application crash
    • Fix for bug ticket [ #463 ] CVE-2017-9412 unpack_read_samples function in frontend/get_audio.c invalid memory read and application crash
    • Fix for bug ticket [ #434 ] clip detect scale suggestion unaware of scale input value
    • HIP decoder bug fixed: decoding mixed blocks of lower sample frequency Layer3 data resulted in internal buffer overflow (write). Thanks to Henri Salo
  • Alexander Leidinger
    • Feature request, patch ticket [ #27 ] Add lame_encode_buffer_interleaved_int() by Michael Fink

How to install

sudo dnf upgrade --advisory=FEDORA-EPEL-2017-abd82daec6

Comments 6

This update has been submitted for testing by robert.

This update has been pushed to testing.

All good.

karma: +1 #1470199: +1 #1470201: +1 #1505107: +1

This update has been submitted for batched by bodhi.

This update has been submitted for stable by bodhi.

This update has been pushed to stable.


Content Type: RPM
Status: stable
Test Gating
Submitted by
Update Type: security
Update Severity: medium
Karma: +1 (stable threshold: 1, unstable threshold: -3)
Autopush: Enabled
Dates: submitted 2 years ago, in testing 2 years ago, in stable 2 years ago

Related Bugs 3

0+1 #1470199 CVE-2015-9099 CVE-2015-9100 CVE-2017-11720 CVE-2017-13712 CVE-2017-15018 CVE-2017-15019 CVE-2017-15045 CVE-2017-15046 CVE-2017-9410 CVE-2017-9411 CVE-2017-9412 CVE-2017-8419 lame: Multiple vulnerabilities
0+1 #1470201 CVE-2015-9099 CVE-2015-9100 CVE-2017-11720 CVE-2017-13712 CVE-2017-15018 CVE-2017-15019 CVE-2017-15045 CVE-2017-15046 CVE-2017-9410 CVE-2017-9411 CVE-2017-9412 CVE-2017-8419 lame: Multiple vulnerabilities [epel-all]
0+1 #1505107 LAME 3.100 update with security fixes
