[SECURITY] Updated: flac-1.3.1-1

David Rothenberger daveroth@acm.org
Mon Dec 1 18:49:00 GMT 2014

A new version the flac, flac-devel, libFLAC8, and libFLAC++6
packages are now available for download.

This is a new upstream release. Please see
http://flac.sourceforge.net/changelog.html#flac_1_3_1 for the list
of changes since 1.3.0

This release fixes two security issues:
 * CVE-2014-9028 (heap write overflow)
 * CVE-2014-8962 (heap read overflow)

FLAC stands for Free Lossless Audio Codec, an audio format similar
to MP3, but lossless, meaning that audio is compressed in FLAC
without any loss in quality. This is similar to how Zip works,
except with FLAC you will get much better compression because it is
designed specifically for audio, and you can play back compressed
FLAC files in your favorite player (or your car or home stereo, see
supported devices) just like you would an MP3 file.

FLAC stands out as the fastest and most widely supported lossless
audio codec, and the only one that at once is non-proprietary, is
unencumbered by patents, has an open-source reference
implementation, has a well documented format and API, and has
several other independent implementations.

If you want to make a point or ask a question the Cygwin mailing list is
the appropriate place.

David Rothenberger  ----  daveroth@acm.org

More information about the Cygwin-announce mailing list