Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CACqxkW+VWetr30iWUQaEaLOJ0FTgc0Bv4SPRm9pftaw15X1+bw@mail.gmail.com>
Date: Sat, 15 Apr 2017 14:38:23 +0100
From: Nick Boyce <nick.boyce@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: Re: libsamplerate: global buffer overflow in
 calc_output_single (src_sinc.c)

Hi Agostino,

Ian>>> Affected version:  1.0.8
Ian>>> Fixed version:  1.0.9
Ian>>
Ian>> Should this be 0.1.8 and 0.1.9 instead?
you>
you> I dind't understand at all what you would to change.

Perhaps Ian is referring to the fact that at the "Secret Rabbit Code"
home of libsamplerate, to which your linked blog article provides this
link:
http://www.mega-nerd.com/SRC/
there is no reference to any version numbers of the form 1.0.x, but
only numbers such as 0.1.8 (the last release [dated 15.Aug.2011]
mentioned in the changelog as I write)
http://www.mega-nerd.com/SRC/ChangeLog
and 0.1.9 (the latest version actually available for download):
http://www.mega-nerd.com/SRC/download.html

I'm just as confused as Ian.

Cheers
Nick Boyce
(just following along at home)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.