Hi all,
I've just released version 1.0.25. Main thing is a fix for Secunia
Advisory SA45125, a heap overflow in the PAF file parser. Since the
heap was getting overwritten with zeroes, there is little that an
attacker can achieve other than causing a program that uses
libsndfile to segfault.
Secunia suggest remote system access is possible:
http://www.securelist.com/en/advisories/45125
but I call bullshit.
Secunia also join my shit list for going public with this a week
earlier than they originally stated, meaning I had to rush this
release out. The rush of the release means the Windows builds
have not been tested as thoroughly as I would have liked.
As usual, it's available from:
http://www.mega-nerd.com/libsndfile/#Download
Cheers,
Erik
--
Erik de Castro Lopo
http://www.mega-nerd.com/
_______________________________________________
Linux-audio-dev mailing list
Linux-audio-dev@email-addr-hidden
http://lists.linuxaudio.org/listinfo/linux-audio-dev

Received on Wed Jul 13 16:15:01 2011