Mandriva: Subject: [Security Announce] [ MDVA-2009:121 ] pulseaudio

LinuxSecurity.com: Multiple bugs has been identified and corrected in pulseaudio: - alsa: allow configuration of fallback device strings in profiles util: if NULL is passed to pa_path_get_filename() just hand it through alsa: don't hit an assert when invalid module arguments are passed - alsa: fix wording, we are speaking of card profiles, not output profiles - alsa: initialize buffer size before number of periods to improve compat with some backends - conf: remove obsolete module-idle-time directive from default config file/man page - core: make sure soft mute status stays in sync with hw mute status endian: fix LE/BE order for 24 bit accessor functions - log: print file name only when we have it - man: document 24bit sample types in man page - man: document log related daemon.conf options - man: document that tsched doesn't use fragment settings - mutex: when we fail to fill in mutex into static mutex ptr free it again - oss: don't deadlock when we try to resume an OSS device that lacks a mixer - simple-protocol: don't hit an assert when we call connection_unlink() early - idxset: add enumeration macro PA_IDXSET_FOREACH - rescue-streams: when one stream move fails try to continue with the remaining ones - sample: correctly pass s24-32 formats - sample-util: fix iteration loop when adjusting volume of s24 samples - sample-util: properly allocate silence block for s24-32 formats - sconv: fix a few minor conversion issues - alsa: be a bit more verbose when a hwparam call fails - rescue: make we don't end up in an endless loop when we can't move a sink input - core: introduce pa_{sink,source}_set_fixed_latency() - core: cache requested latency only when we are running, not while we are still constructing - sample: fix build on BE archs - alsa: properly convert return values of snd_strerror() to utf8 - alsa: remove debug codeAdditional In addition to these fixes, several patches were recommended by upstream and QAed with help from Mandriva volunteers. These patches are also included.

Related Items