Branch c9f2 update bulletin.

Package libinstpatch updated to version 1.1.6-alt1.1 for branch c9f2 in task 327704.

libinstpatch: new version

Package fluidsynth updated to version 2.2.4-alt1 for branch c9f2 in task 327704.

Published: 2021-04-29
Modified: 2024-11-21

CVE-2021-21417

fluidsynth is a software synthesizer based on the SoundFont 2 specifications. A use after free violation was discovered in fluidsynth, that can be triggered when loading an invalid SoundFont file.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

https://github.com/FluidSynth/fluidsynth/issues/808
https://github.com/FluidSynth/fluidsynth/issues/808
https://github.com/FluidSynth/fluidsynth/pull/810
https://github.com/FluidSynth/fluidsynth/pull/810
https://github.com/FluidSynth/fluidsynth/security/advisories/GHSA-6fcq-pxhc-jxc9
https://github.com/FluidSynth/fluidsynth/security/advisories/GHSA-6fcq-pxhc-jxc9
[debian-lts-announce] 20210629 [SECURITY] [DLA 2697-1] fluidsynth security update
[debian-lts-announce] 20210629 [SECURITY] [DLA 2697-1] fluidsynth security update

Version: 2.1.0

Branch c9f2 update on 2023-09-07

ALT-BU-2023-5468-1

ALT-PU-2023-5101-3

Closed bugs

Bug #38227

ALT-PU-2023-5102-3

Closed vulnerabilities

CVE-2021-21417