Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20171021224129.34you4kzttvgnbj7@tunkki.bugs.fi>
Date: Sun, 22 Oct 2017 01:41:29 +0300
From: Henri Salo <henri@...v.fi>
To: oss-security@...ts.openwall.com
Subject: LAME 3.100 released with security fixes

Hello,

LAME 3.100 has been released including fixes to security vulnerabilities.
Coy-paste from history:

Rogério Brito

- Don't include the debian directory as one that is needed during builds. Patch
taken from Debian's packaging of lame.

- Resurrect Owen Taylor's code dated from 97-11-3 to properly deal with GTK1.
This was transplanted back from aclocal.m4 with a patch provided by Andres
Mejia. This change makes it easy to regenerate autotools' files with a simple
invocation of autoconf -vfi.

- Fix possible race condition causing build failures in libmp3lame. Discovered
in automated builds by the Debian project with patch provided by Andres Mejia.

Robert Hegemann

- Improved detection of MPEG audio data in RIFF WAVE files. Tracker item [
3545112 ] Invalid sampling detection

- New switch --gain <decibel>, range -20.0 to +12.0, a more convenient way to
apply Gain adjustment in decibels, than the use of --scale <factor>.

- Fix for tracker item [ 3558466 ] Bug in path handling

- Fix for tracker item [ 3567844 ] problem with Tag genre

- Fix for tracker item [ 3565659 ] no progress indication with pipe input

- Fix for tracker item [ 3544957 ] scale (empty) silent encode without warning

- Fix for tracker item [ 3580176 ] environment variable LAMEOPT doesn't work
anymore

- Fix for tracker item [ 3608583 ] input file name displayed with wrong
character encoding (on windows console with CP_UTF8)

- Fix for bug ticket [ #447 ] Fix dereference NULL and Buffer not NULL
terminated issues. Thanks to Surabhi Mishra

- Fix for bug ticket [ #445 ] dereference of a null pointer possible in loop.
Thanks to Renu Tyagi

- Fix for bug ticket [ #449 ] Make sure functions with SSE instructions
maintain their own properly aligned stack. Thanks to Fabian Greffrath

- Fix for bug ticket [ #458 ] Multiple Stack and Heap Corruptions from
Malicious File. Thanks to Gareth Evans and Elio Blanca

- Fix for bug ticket [ #460 ] A division by zero vulnerability. Thanks to Wang
Shiyang, Liu Bingchang

- Fix for bug ticket [ #461 ] CVE-2017-9410 fill_buffer_resample function in
libmp3lame/util.c heap-based buffer over-read and ap

- Fix for bug ticket [ #462 ] CVE-2017-9411 fill_buffer_resample function in
libmp3lame/util.c invalid memory read and application crash

- Fix for bug ticket [ #463 ] CVE-2017-9412 unpack_read_samples function in
frontend/get_audio.c invalid memory read and application crash

- Fix for bug ticket [ #434 ] clip detect scale suggestion unaware of scale
input value

- HIP decoder bug fixed: decoding mixed blocks of lower sample frequency Layer3
data resulted in internal buffer overflow (write). Thanks to Henri Salo

Alexander Leidinger

- Feature request, patch ticket [ #27 ] Add
lame_encode_buffer_interleaved_int() by Michael Fink

-- 
Henri Salo

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.