Fix for CVE-2019-1010319

2019-08-19 11:39:11 +02:00 · 2019-08-19 11:39:11 +02:00 · ef9d4e4872
commit ef9d4e4872
parent 3e3b42fe9d
2 changed files with 17 additions and 1 deletions
--- a/wavpack-0012-issue-68-clear-WaveHeader-at-start-to-prevent-uninit.patch
+++ b/wavpack-0012-issue-68-clear-WaveHeader-at-start-to-prevent-uninit.patch
@ -0,0 +1,12 @@
+diff --git a/cli/wave64.c b/cli/wave64.c
+index 7beffe6..59548b1 100644
+--- a/cli/wave64.c
+++ b/cli/wave64.c
+@@ -56,6 +56,7 @@ int ParseWave64HeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpa
+     int format_chunk = 0;
+     uint32_t bcount;
+ 
+    CLEAR (WaveHeader);
+     infilesize = DoGetFileSize (infile);
+     memcpy (&filehdr, fourcc, 4);
+ 
--- a/wavpack.spec
+++ b/wavpack.spec
@ -1,7 +1,7 @@
 Name:		wavpack
 Summary:	A completely open audiocodec
 Version:	5.1.0
-Release:	14%{?dist}
+Release:	15%{?dist}
 License:	BSD
 Url:		http://www.wavpack.com/
 Source:		http://www.wavpack.com/%{name}-%{version}.tar.bz2
@ -16,6 +16,7 @@ Patch8:		wavpack-0008-issue-41-make-sure-DFF-chunk-does-not-have-negative-.patch
 Patch9:		wavpack-0009-issue-43-catch-zero-channel-count-in-DSF-and-DSDIFF-.patch
 Patch10:	wavpack-0010-issue-65-make-sure-DSDIFF-files-have-a-valid-channel.patch
 Patch11:	wavpack-0011-issue-67-make-sure-sample-rate-is-specified-and-non-.patch
+Patch12:	wavpack-0012-issue-68-clear-WaveHeader-at-start-to-prevent-uninit.patch
 # For autoreconf
 BuildRequires:  autoconf
 BuildRequires:  automake
@ -76,6 +77,9 @@ rm -f %{buildroot}/%{_libdir}/*.la
 %doc ChangeLog README

 %changelog
+* Mon Aug 19 2019 Tomas Korbar <tkorbar@redhat.com> - 5.1.0-15
+- Fix for CVE-2019-1010319
+
 * Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 5.1.0-14
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild