SUSE has issued an advisory on November 2: http://lists.suse.com/pipermail/sle-security-updates/2018-November/004822.html Mageia 6 is also affected.
CC: (none) => mrambo
Whiteboard: (none) => MGA6TOO
Assigning to all packagers collectively, since there is no registered maintainer for this package.
CC: (none) => geiger.david68210, marja11, smelror
Assignee: bugsquad => pkg-bugs
openSUSE has issued an advisory for this on November 10: https://lists.opensuse.org/opensuse-updates/2018-11/msg00030.html
Updated cauldron to latest 2.1.1 release. Attempted to patch the Mageia 6 package but the patches did not apply to the mga6 code base so it too was updated to 2.1.1.

Advisory:
========================

Updated soundtouch package fixes security vulnerabilities:

Assertion failure in BPMDetect class in BPMDetect.cpp (CVE-2018-17096).

Out-of-bounds heap write in WavOutFile::write() (CVE-2018-17097).

Heap corruption in WavFileBase class in WavFile.cpp (CVE-2018-17098).

References:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-17096
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-17097
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-17098
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17096
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17097
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17098
========================

Updated packages in core/updates_testing:
========================
lib64soundtouch1-2.1.1-1.mga6
lib64soundtouch-devel-2.1.1-1.mga6
soundtouch-2.1.1-1.mga6

from soundtouch-2.1.1-1.mga6.src.rpm

Test procedure
https://bugs.mageia.org/show_bug.cgi?id=23323#c4
https://bugs.mageia.org/show_bug.cgi?id=23500#c5
Version: Cauldron => 6
Assignee: pkg-bugs => qa-bugs
Keywords: (none) => has_procedure
Whiteboard: MGA6TOO => (none)
MGA6-32 MATE on IBM Thinkpad R50e

No installation issues.

At CLI:

$ soundstretch -license
Displays the software licence.

$ soundstretch 02Zapfenstreich.wav out.2 -tempo=+20 -pitch=-10
SoundStretch v2.1.1 - Copyright (c) Olli Parviainen
=========================================================
author e-mail: <oparviai@iki.fi> - WWW: http://www.surina.net/soundtouch
This program is subject to (L)GPL license. Run "soundstretch -license" for more information.
Uses 32bit floating point sample type in processing.
Processing the file with the following changes:
tempo change = +20 %
pitch change = -10 semitones
rate change = +0 %
Working...Done!

$ aplay out.2
Playing WAVE 'out.2' : Signed 16 bit Little Endian, Rate 44100 Hz, Stereo

Sounds awful, but that's what I asked for.
CC: (none) => herman.viaene
Whiteboard: (none) => MGA6-32-OK
Thank you Herman. Validating. Advisory from comment 3.
Keywords: (none) => advisory, validated_update
CC: (none) => lewyssmith, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0462.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED