Description of problem: As per <https://bodhi.fedoraproject.org/updates/FEDORA-2015-5afed1aad2>, a fix for CVE-2015-7805 was provided for stable on 2015-11-13, release 17.fc23. As per 'dnf info libsndfile', I have this version installed here on my FC23 machine. However, the demo from <https://packetstormsecurity.com/files/133926/libsndfile-1.0.25-Heap-Overflow.html> still makes audacity crash. Version-Release number of selected component (if applicable): FC23 and libsndfile 1.0.25 17.fc23. How reproducible: Run the Perl script from <https://packetstormsecurity.com/files/133926/libsndfile-1.0.25-Heap-Overflow.html> and call 'audacity nemux.aiff'. Actual results: Segmentation fault. Expected results: Audacity should start. I tested this on an Ubuntu-based distribution.
You are right, that patch was incomplete.
libsndfile-1.0.25-18.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2015-71b291686c
libsndfile-1.0.17-8.el5 has been submitted as an update to Fedora EPEL 5. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-d1309b0eb2
libsndfile-1.0.25-18.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2015-0be7a2e1b8
libsndfile-1.0.17-8.el5 has been pushed to the Fedora EPEL 5 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with $ su -c 'yum --enablerepo=epel-testing update libsndfile' You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-d1309b0eb2
libsndfile-1.0.25-18.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with $ su -c 'dnf --enablerepo=updates-testing update libsndfile' You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-0be7a2e1b8
libsndfile-1.0.25-18.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with $ su -c 'dnf --enablerepo=updates-testing update libsndfile' You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-71b291686c
libsndfile-1.0.25-18.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
libsndfile-1.0.25-18.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
libsndfile-1.0.17-8.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.