[ubuntu/jaunty-security] libvorbis 1.2.0.dfsg-3.1ubuntu0.9.04.2 (Accepted)
Ubuntu Installer
archive at ubuntu.com
Tue Nov 24 14:04:21 GMT 2009
libvorbis (1.2.0.dfsg-3.1ubuntu0.9.04.2) jaunty-security; urgency=low
* SECURITY UPDATE: denial of service and possible code execution via
multiple vulnerabilities
- debian/patches/CVE-2009-3379.patch: Don't try to read past the end of
the comment packet if the string lengths are corrupt in lib/info.c,
check for premature EOP in lib/res0.c, implement hardening in
lib/{codebook,floor1,info,mapping0}.c, eliminate blocklist overflow
in lib/backends.h, don't allow codeword lengths longer than 32 bits
in lib/codebook.c.
- CVE-2009-3379
* SECURITY UPDATE: denial of service via underpopulated Huffman trees
- debian/patches/upstream-r14811_huffman_sanity_checks.diff: add
additional checking to the hufftree decoding in lib/block.c,
examples/decoder_example.c, lib/sharedbook.c.
- CVE-2008-2009
* SECURITY UPDATE: code execution via heap overflow in residue partition
value (LP: #232150)
- debian/patches/CVE-2008-1420-2.patch: add additional checks to fix
issue, but still maintain backwards compatibility in lib/res0.c,
lib/modes/{residue_44u,residue_44}.h, lib/backends.h.
- CVE-2008-1420
Date: Fri, 13 Nov 2009 09:11:02 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/jaunty/+source/libvorbis/1.2.0.dfsg-3.1ubuntu0.9.04.2
-------------- next part --------------
Format: 1.8
Date: Fri, 13 Nov 2009 09:11:02 -0500
Source: libvorbis
Binary: libvorbis0a libvorbisenc2 libvorbisfile3 libvorbis-dev
Architecture: source
Version: 1.2.0.dfsg-3.1ubuntu0.9.04.2
Distribution: jaunty-security
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
libvorbis-dev - The Vorbis General Audio Compression Codec (development files)
libvorbis0a - The Vorbis General Audio Compression Codec
libvorbisenc2 - The Vorbis General Audio Compression Codec
libvorbisfile3 - The Vorbis General Audio Compression Codec
Launchpad-Bugs-Fixed: 232150
Changes:
libvorbis (1.2.0.dfsg-3.1ubuntu0.9.04.2) jaunty-security; urgency=low
.
* SECURITY UPDATE: denial of service and possible code execution via
multiple vulnerabilities
- debian/patches/CVE-2009-3379.patch: Don't try to read past the end of
the comment packet if the string lengths are corrupt in lib/info.c,
check for premature EOP in lib/res0.c, implement hardening in
lib/{codebook,floor1,info,mapping0}.c, eliminate blocklist overflow
in lib/backends.h, don't allow codeword lengths longer than 32 bits
in lib/codebook.c.
- CVE-2009-3379
* SECURITY UPDATE: denial of service via underpopulated Huffman trees
- debian/patches/upstream-r14811_huffman_sanity_checks.diff: add
additional checking to the hufftree decoding in lib/block.c,
examples/decoder_example.c, lib/sharedbook.c.
- CVE-2008-2009
* SECURITY UPDATE: code execution via heap overflow in residue partition
value (LP: #232150)
- debian/patches/CVE-2008-1420-2.patch: add additional checks to fix
issue, but still maintain backwards compatibility in lib/res0.c,
lib/modes/{residue_44u,residue_44}.h, lib/backends.h.
- CVE-2008-1420
Checksums-Sha1:
491628c49d863588de0e1f95974c7ab1c0d13c28 1391 libvorbis_1.2.0.dfsg-3.1ubuntu0.9.04.2.dsc
abe9237f00ea66879efb5f86b97b8f4af1188e17 14106 libvorbis_1.2.0.dfsg-3.1ubuntu0.9.04.2.diff.gz
Checksums-Sha256:
b883a0933c83c73deb07f7f7d6df571ef1c48919f0bfa136edc081446c8f0c60 1391 libvorbis_1.2.0.dfsg-3.1ubuntu0.9.04.2.dsc
c62a0f269e50f8d0378a2545a5421330e853a584fc5a061b018b4acfced20996 14106 libvorbis_1.2.0.dfsg-3.1ubuntu0.9.04.2.diff.gz
Files:
8237287820fda9e5caaf1645917012a9 1391 libs optional libvorbis_1.2.0.dfsg-3.1ubuntu0.9.04.2.dsc
806c51558b40e8a0173258e322126dfc 14106 libs optional libvorbis_1.2.0.dfsg-3.1ubuntu0.9.04.2.diff.gz
Original-Maintainer: Debian Xiph.org Maintainers <pkg-xiph-maint at lists.alioth.debian.org>
More information about the Jaunty-changes
mailing list