[ubuntu/karmic-security] libvorbis 1.2.0.dfsg-6ubuntu0.1 (Accepted)
Ubuntu Installer
archive at ubuntu.com
Tue Nov 24 14:04:14 GMT 2009
libvorbis (1.2.0.dfsg-6ubuntu0.1) karmic-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    multiple vulnerabilities
    - debian/patches/CVE-2009-3379.patch: Don't try to read past the end of
      the comment packet if the string lengths are corrupt in lib/info.c,
      check for premature EOP in lib/res0.c, implement hardening in
      lib/{codebook,floor1,info,mapping0}.c, eliminate blocklist overflow
      in lib/backends.h, don't allow codeword lengths longer than 32 bits
      in lib/codebook.c.
    - CVE-2009-3379
  * SECURITY UPDATE: code execution via heap overflow in residue partition
    value (LP: #232150)
    - debian/patches/CVE-2008-1420-2.patch: add additional checks to fix
      issue, but still maintain backwards compatibility in lib/res0.c,
      lib/modes/{residue_44u,residue_44}.h, lib/backends.h.
    - CVE-2008-1420

Date: Thu, 12 Nov 2009 15:02:17 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/karmic/+source/libvorbis/1.2.0.dfsg-6ubuntu0.1
-------------- next part --------------
Format: 1.8
Date: Thu, 12 Nov 2009 15:02:17 -0500
Source: libvorbis
Binary: libvorbis0a libvorbisenc2 libvorbisfile3 libvorbis-dev
Architecture: source
Version: 1.2.0.dfsg-6ubuntu0.1
Distribution: karmic-security
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
libvorbis-dev - The Vorbis General Audio Compression Codec: development files
libvorbis0a - The Vorbis General Audio Compression Codec: decoder library
libvorbisenc2 - The Vorbis General Audio Compression Codec: encoder library
libvorbisfile3 - The Vorbis General Audio Compression Codec: high-level API
Checksums-Sha1:
f287f41243e7f749e6899f4780ec9f8333e05f51 1240 libvorbis_1.2.0.dfsg-6ubuntu0.1.dsc
b337b940af13fcab0d92ec71e2dc528f766d1dbd 14077 libvorbis_1.2.0.dfsg-6ubuntu0.1.diff.gz
Checksums-Sha256:
427d87e2766e0aa61b5158a7681c87a7042422bf9f4c800836a657a1539c1a36 1240 libvorbis_1.2.0.dfsg-6ubuntu0.1.dsc
a742041c5456882d473a4c604a9e461aafc0d09a8704c176cf2786398e9e08e7 14077 libvorbis_1.2.0.dfsg-6ubuntu0.1.diff.gz
Files:
06738b4c14538449ec70061555bd5b95 1240 libs optional libvorbis_1.2.0.dfsg-6ubuntu0.1.dsc
1472bf5d0d81031673a907939ca5e13f 14077 libs optional libvorbis_1.2.0.dfsg-6ubuntu0.1.diff.gz
Launchpad-Bugs-Fixed: 232150
Original-Maintainer: Peter Samuelson <peter at p12n.org>