Debian Ardour vulnerabilities

3 known vulnerabilities affecting debian/ardour.

Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, MEDIUM 1, LOW 1

Vulnerabilities

CVE-2020-22617 | CRITICAL | CVSS 9.8 | fixed in ardour 1:6.0.0~ds0-1 (bookworm) | 2020
CVE-2020-22617 [CRITICAL]: ardour - Ardour v5.12 contains a use-after-free vulnerability in the component ardour/libs/pbd/xml++.cc when using xmlFreeDoc and xmlXPathFreeContext.
Scope: local
bookworm: resolved (fixed in 1:6.0.0~ds0-1); bullseye: resolved (fixed in 1:6.0.0~ds0-1); forky: resolved (fixed in 1:6.0.0~ds0-1); sid: resolved (fixed in 1:6.0.0~ds0-1); trixie: resolved (fixed in 1:6.0.0~ds0-1)
CVE-2010-3349 | LOW | CVSS 6.9 | fixed in ardour 1:2.8.11-2 (bookworm) | 2010
CVE-2010-3349 [MEDIUM]: ardour - Ardour 2.8.11 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
Scope: local
bookworm: resolved (fixed in 1:2.8.11-2); bullseye: resolved (fixed in 1:2.8.11-2); forky: resolved (fixed in 1:2.8.11-2); sid: resolved (fixed in 1:2.8.11-2); trixie: resolv
CVE-2007-4974 | MEDIUM | CVSS 7.5 | fixed in ardour 1:2.1-1.1 (bookworm) | 2007
CVE-2007-4974 [HIGH]: ardour - Heap-based buffer overflow in the flac_buffer_copy function in libsndfile 1.0.17 and earlier might allow remote attackers to execute arbitrary code via a FLAC file with crafted PCM data containing a block with a size that exceeds the previous block size.
Scope: local
bookworm: resolved (fixed in 1:2.1-1.1); bullseye: resolved (fixed in 1:2.1-1.1); forky: resolved (fixed