[ubuntu/hardy-security] libvorbis 1.2.0.dfsg-2ubuntu0.3 (Accepted)

Ubuntu Installer archive at ubuntu.com
Tue Nov 24 14:04:38 GMT 2009


libvorbis (1.2.0.dfsg-2ubuntu0.3) hardy-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    multiple vulnerabilities
    - debian/patches/CVE-2009-3379.patch: Don't try to read past the end of
      the comment packet if the string lengths are corrupt in lib/info.c,
      check for premature EOP in lib/res0.c, implement hardening in
      lib/{codebook,floor1,info,mapping0}.c, eliminate blocklist overflow
      in lib/backends.h, don't allow codeword lengths longer than 32 bits
      in lib/codebook.c.
    - CVE-2009-3379
  * SECURITY UPDATE: denial of service via underpopulated Huffman trees
    - debian/patches/upstream-r14811_huffman_sanity_checks.diff: add
      additional checking to the hufftree decoding in lib/block.c,
      examples/decoder_example.c, lib/sharedbook.c.
    - CVE-2008-2009
  * SECURITY UPDATE: code execution via heap overflow in residue partition
    value (LP: #232150)
    - debian/patches/CVE-2008-1420-2.patch: add additional checks to fix
      issue, but still maintain backwards compatibility in lib/res0.c,
      lib/modes/{residue_44u,residue_44}.h, lib/backends.h.
    - CVE-2008-1420

Date: Fri, 13 Nov 2009 09:53:56 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/hardy/+source/libvorbis/1.2.0.dfsg-2ubuntu0.3
-------------- next part --------------
Format: 1.7
Date: Fri, 13 Nov 2009 09:53:56 -0500
Source: libvorbis
Binary: libvorbis0a libvorbisenc2 libvorbisfile3 libvorbis-dev
Architecture: source
Version: 1.2.0.dfsg-2ubuntu0.3
Distribution: hardy-security
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 libvorbis-dev - The Vorbis General Audio Compression Codec (development files)
 libvorbis0a - The Vorbis General Audio Compression Codec
 libvorbisenc2 - The Vorbis General Audio Compression Codec
 libvorbisfile3 - The Vorbis General Audio Compression Codec
Launchpad-Bugs-Fixed: 232150
Changes: 
 libvorbis (1.2.0.dfsg-2ubuntu0.3) hardy-security; urgency=low
 .
   * SECURITY UPDATE: denial of service and possible code execution via
     multiple vulnerabilities
     - debian/patches/CVE-2009-3379.patch: Don't try to read past the end of
       the comment packet if the string lengths are corrupt in lib/info.c,
       check for premature EOP in lib/res0.c, implement hardening in
       lib/{codebook,floor1,info,mapping0}.c, eliminate blocklist overflow
       in lib/backends.h, don't allow codeword lengths longer than 32 bits
       in lib/codebook.c.
     - CVE-2009-3379
   * SECURITY UPDATE: denial of service via underpopulated Huffman trees
     - debian/patches/upstream-r14811_huffman_sanity_checks.diff: add
       additional checking to the hufftree decoding in lib/block.c,
       examples/decoder_example.c, lib/sharedbook.c.
     - CVE-2008-2009
   * SECURITY UPDATE: code execution via heap overflow in residue partition
     value (LP: #232150)
     - debian/patches/CVE-2008-1420-2.patch: add additional checks to fix
       issue, but still maintain backwards compatibility in lib/res0.c,
       lib/modes/{residue_44u,residue_44}.h, lib/backends.h.
     - CVE-2008-1420
Files: 
 b9ab7e79ef09dbe4cc523245a179853c 937 libs optional libvorbis_1.2.0.dfsg-2ubuntu0.3.dsc
 d7ac1cea7fd18471b0366844c4f2d434 12991 libs optional libvorbis_1.2.0.dfsg-2ubuntu0.3.diff.gz
Original-Maintainer: Debian Xiph.org Maintainers <pkg-xiph-maint at lists.alioth.debian.org>

