Advisories » MGASA-2017-0077

Updated wavpack packages fix security vulnerability

Publication date: 17 Mar 2017
Modification date: 17 Mar 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-10169

Description

Hanno Böck discovered a global buffer overread vulnerability in WavPack's
word parsing logic (CVE-2016-10169), this update fixes it.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=20205
• http://openwall.com/lists/oss-security/2017/01/23/4
• https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10169

SRPMS

5/core

• wavpack-4.70.0-3.1.mga5