Fix for CVE-2018-17095.

822b732fd31ffcb78f6920001e9b1fbd815fa712.patch

@@ -0,0 +1,26 @@
+From 822b732fd31ffcb78f6920001e9b1fbd815fa712 Mon Sep 17 00:00:00 2001
+From: Wim Taymans <wtaymans@redhat.com>
+Date: Thu, 27 Sep 2018 12:11:12 +0200
+Subject: [PATCH] SimpleModule: set output chunk framecount after pull
+
+After pulling the data, set the output chunk to the amount of
+frames we pulled so that the next module in the chain has the correct
+frame count.
+
+Fixes #50 and #51
+---
+ libaudiofile/modules/SimpleModule.cpp | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/libaudiofile/modules/SimpleModule.cpp b/libaudiofile/modules/SimpleModule.cpp
+index 2bae1eb..e87932c 100644
+--- a/libaudiofile/modules/SimpleModule.cpp
++++ b/libaudiofile/modules/SimpleModule.cpp
+@@ -26,6 +26,7 @@
+ void SimpleModule::runPull()
+ {
+ 	pull(m_outChunk->frameCount);
++	m_outChunk->frameCount = m_inChunk->frameCount;
+ 	run(*m_inChunk, *m_outChunk);
+ }
+ 

audiofile.spec

@@ -3,7 +3,7 @@
 Summary: Library for accessing various audio file formats
 Name: audiofile
 Version: 0.3.6
-Release: 19%{?dist}
+Release: 20%{?dist}
 Epoch: 1
 # library is LGPL / the two programs GPL / see README
 License: LGPLv2+ and GPLv2+
@@ -25,7 +25,7 @@ Patch2: audiofile-0.3.6-narrowing.patch
 Patch3: audiofile-0.3.6-pull42.patch
 Patch4: audiofile-0.3.6-pull43.patch
 Patch5: audiofile-0.3.6-pull44.patch
-
+Patch6: 822b732fd31ffcb78f6920001e9b1fbd815fa712.patch
 
 %description
 The Audio File library is an implementation of the Audio File Library
@@ -53,6 +53,7 @@ other resources you can use to develop Audio File applications.
 %patch3 -p1 -b .pull42
 %patch4 -p1 -b .pull43
 %patch5 -p1 -b .pull44
+%patch6 -p1 -b .CVE-2018-17095
 
 %build
 %configure
@@ -92,6 +93,9 @@ make check
 %{_mandir}/man3/*
 
 %changelog
+* Tue Oct 09 2018 Gwyn Ciesla <limburgher@gmail.com> - 1:0.3.6-20
+- Fix for CVE-2018-17095.
+
 * Mon Aug 13 2018 Leigh Scott <leigh123linux@googlemail.com> - 1:0.3.6-19
 - Fix build