[pulseaudio-discuss] libsndfile CVE-2014-9496
Michael DePaulo
mikedep333 at gmail.com
Wed Jan 21 18:42:52 PST 2015
Hi PulseAudio devs,
Can someone tell me whether PulseAudio can actually be affected by the
libsndfile vulnerability CVE-2014-9496?
https://bugs.mageia.org/show_bug.cgi?id=14961
"It looks like the affected code is in reading SD2 (Sound Designer II)
files and writing AIFF files".
I am thinking the answer is "no".
Currently I am maintaining both X2Go Client for Windows[1] and my
unofficial PulseAudio builds for Windows[2][3]. X2Go Client for
Windows bundles the PulseAudio builds. So I am trying to figure out
whether I urgently need to update them with the patched libsndfile
.DLL.
Thanks.
-Mike
[1] http://wiki.x2go.org/doku.php/doc:release-notes-mswin
[2] https://build.opensuse.org/project/show/home:mikedep333:branches:home:mkbosmans:mingw32:pulseaudio
[3] http://code.x2go.org/releases/binary-win32/3rd-party/pulse/
More information about the pulseaudio-discuss
mailing list