[ubuntu/intrepid-security] libvorbis 1.2.0.dfsg-3.1ubuntu0.8.10.2 (Accepted)
Ubuntu Installer
archive at ubuntu.com
Tue Nov 24 14:04:30 GMT 2009
libvorbis (1.2.0.dfsg-3.1ubuntu0.8.10.2) intrepid-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    multiple vulnerabilities
    - debian/patches/CVE-2009-3379.patch: Don't try to read past the end of
      the comment packet if the string lengths are corrupt in lib/info.c,
      check for premature EOP in lib/res0.c, implement hardening in
      lib/{codebook,floor1,info,mapping0}.c, eliminate blocklist overflow
      in lib/backends.h, don't allow codeword lengths longer than 32 bits
      in lib/codebook.c.
    - CVE-2009-3379
  * SECURITY UPDATE: denial of service via underpopulated Huffman trees
    - debian/patches/upstream-r14811_huffman_sanity_checks.diff: add
      additional checking to the hufftree decoding in lib/block.c,
      examples/decoder_example.c, lib/sharedbook.c.
    - CVE-2008-2009
  * SECURITY UPDATE: code execution via heap overflow in residue partition
    value (LP: #232150)
    - debian/patches/CVE-2008-1420-2.patch: add additional checks to fix
      issue, but still maintain backwards compatibility in lib/res0.c,
      lib/modes/{residue_44u,residue_44}.h, lib/backends.h.
    - CVE-2008-1420
Date: Fri, 13 Nov 2009 09:42:51 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/intrepid/+source/libvorbis/1.2.0.dfsg-3.1ubuntu0.8.10.2
-------------- next part --------------
Format: 1.8
Date: Fri, 13 Nov 2009 09:42:51 -0500
Source: libvorbis
Binary: libvorbis0a libvorbisenc2 libvorbisfile3 libvorbis-dev
Architecture: source
Version: 1.2.0.dfsg-3.1ubuntu0.8.10.2
Distribution: intrepid-security
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
libvorbis-dev - The Vorbis General Audio Compression Codec (development files)
libvorbis0a - The Vorbis General Audio Compression Codec
libvorbisenc2 - The Vorbis General Audio Compression Codec
libvorbisfile3 - The Vorbis General Audio Compression Codec
Launchpad-Bugs-Fixed: 232150
Changes:
 libvorbis (1.2.0.dfsg-3.1ubuntu0.8.10.2) intrepid-security; urgency=low
 .
   * SECURITY UPDATE: denial of service and possible code execution via
     multiple vulnerabilities
     - debian/patches/CVE-2009-3379.patch: Don't try to read past the end of
       the comment packet if the string lengths are corrupt in lib/info.c,
       check for premature EOP in lib/res0.c, implement hardening in
       lib/{codebook,floor1,info,mapping0}.c, eliminate blocklist overflow
       in lib/backends.h, don't allow codeword lengths longer than 32 bits
       in lib/codebook.c.
     - CVE-2009-3379
   * SECURITY UPDATE: denial of service via underpopulated Huffman trees
     - debian/patches/upstream-r14811_huffman_sanity_checks.diff: add
       additional checking to the hufftree decoding in lib/block.c,
       examples/decoder_example.c, lib/sharedbook.c.
     - CVE-2008-2009
   * SECURITY UPDATE: code execution via heap overflow in residue partition
     value (LP: #232150)
     - debian/patches/CVE-2008-1420-2.patch: add additional checks to fix
       issue, but still maintain backwards compatibility in lib/res0.c,
       lib/modes/{residue_44u,residue_44}.h, lib/backends.h.
     - CVE-2008-1420
Checksums-Sha1:
e7fc9a2e886a6eb7d941161e2402ab2fc8698add 1391 libvorbis_1.2.0.dfsg-3.1ubuntu0.8.10.2.dsc
be1d92f892b73ac49479d7e2b3091760f50ac5a6 14099 libvorbis_1.2.0.dfsg-3.1ubuntu0.8.10.2.diff.gz
Checksums-Sha256:
c0020d9587f9e0369d1e8c30cd565fd560f0ba6e67afc9063b38a8de110fb99a 1391 libvorbis_1.2.0.dfsg-3.1ubuntu0.8.10.2.dsc
47afd35729c45b8d42525e1449eeb16ddda9ea2ce2ee466adf49d4dbf2ce94e3 14099 libvorbis_1.2.0.dfsg-3.1ubuntu0.8.10.2.diff.gz
Files:
f693d0a5b8d382d11eafee3eeaec74b5 1391 libs optional libvorbis_1.2.0.dfsg-3.1ubuntu0.8.10.2.dsc
3b381e5b9d4ff995371549d0f4049b17 14099 libs optional libvorbis_1.2.0.dfsg-3.1ubuntu0.8.10.2.diff.gz
Original-Maintainer: Debian Xiph.org Maintainers <pkg-xiph-maint at lists.alioth.debian.org>