[ubuntu/oracular-proposed] libcdio 2.1.0-4.2ubuntu1 (Accepted)

Bruce Cable bruce.cable at canonical.com
Mon Jul 1 05:54:14 UTC 2024


libcdio (2.1.0-4.2ubuntu1) oracular; urgency=medium

  * SECURITY UPDATE: buffer overflow
    - debian/patches/CVE-2024-36600-1.patch: Allocates space for
      growth and additional buffer in lib/iso9660/rock.c
    - debian/patches/CVE-2024-36600-2.patch: Limits the maximum read
      count to prevent an overflow in lib/driver/_cdio_stdio.c
    - debian/patches/CVE-2024-36600-3.patch: Adds input validation to
      unicode16_decode function in lib/udf/udf_fs.c
    - debian/patches/CVE-2024-36600-4.patch: Adds bounds checking for
      directory buffer size and total size calculation in
      lib/iso9660/iso9660_fs.c
    - debian/patches/CVE-2024-36600-5.patch: Fixes overflow in iso9660
      dir read (32-bit) in lib/iso9660/iso9660_fs.c
    - debian/patches/CVE-2024-36600-6.patch: Checks the validity of
      i_extended_attr member in udf_get_lba() in lib/udf/udf_fs.c
    - debian/patches/CVE-2024-36600-7.patch: Adds 32-bit size test
      only when needed in lib/iso9660/iso9660_fs.c
    - CVE-2024-36600
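
The two kinds of check the changelog names for lib/iso9660/iso9660_fs.c (a directory record's own length byte validated against the directory buffer, and a 32-bit total of entry sizes that must not wrap) as an added C example. This is illustrative code written for this page, not libcdio's patched source: the record layout follows the ECMA-119 directory record (length byte, both-byte-order extent and data-length fields, name length at offset 32), while the function names, the demo_* wrappers and the sample directory bytes are constructed here.

```c
/* Hardened walk over an ISO 9660 directory extent. Added example, not
 * libcdio code; the sample directory images below are constructed inline. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define ISO_DIR_REC_MIN 33u   /* fixed part: length byte through the name-length byte */

typedef struct {
    uint32_t extent;          /* first LBA of the file's extent */
    uint32_t size;            /* data length in bytes */
    uint8_t  name_len;
    const uint8_t *name;      /* points into the directory buffer, not NUL-terminated */
} iso_dirent_t;

static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Parse the record at buf[off]. Returns its length (>0), 0 at a zero pad
 * byte (end of entries), or -1 if the record does not fit its buffer. */
int iso_dirent_next(const uint8_t *buf, size_t buf_len, size_t off, iso_dirent_t *out)
{
    if (off >= buf_len)
        return 0;
    size_t rec_len = buf[off];
    if (rec_len == 0)
        return 0;
    /* The length byte comes from the image, i.e. from the attacker: it must
     * cover the fixed header and must not run past the end of the buffer. */
    if (rec_len < ISO_DIR_REC_MIN || rec_len > buf_len - off)
        return -1;
    const uint8_t *rec = buf + off;
    size_t name_len = rec[32];
    /* The file identifier must also lie inside the record it belongs to. */
    if (ISO_DIR_REC_MIN + name_len > rec_len)
        return -1;
    out->extent   = le32(rec + 2);
    out->size     = le32(rec + 10);
    out->name_len = (uint8_t)name_len;
    out->name     = rec + 33;
    return (int)rec_len;
}

/* Walk every record, summing data lengths into a 32-bit total without
 * wrapping. Returns the entry count, or -1 on a malformed record or overflow. */
int iso_dir_total(const uint8_t *buf, size_t buf_len, uint32_t *total_out)
{
    uint32_t total = 0;
    int count = 0;
    for (size_t off = 0; off < buf_len; ) {
        iso_dirent_t e;
        int used = iso_dirent_next(buf, buf_len, off, &e);
        if (used < 0)
            return -1;
        if (used == 0)
            break;
        if (e.size > UINT32_MAX - total)   /* total + e.size would wrap */
            return -1;
        total += e.size;
        off += (size_t)used;
        count++;
    }
    *total_out = total;
    return count;
}

/* Test-image builder: write one record at dst, return its length (0 if it cannot fit). */
static size_t mk_rec(uint8_t *dst, size_t cap, uint32_t extent, uint32_t size, const char *name)
{
    size_t name_len = strlen(name);
    size_t rec_len = ISO_DIR_REC_MIN + name_len;
    if (rec_len & 1)          /* identifier is padded so the record length is even */
        rec_len++;
    if (name_len > 255 || rec_len > 255 || rec_len > cap)
        return 0;
    memset(dst, 0, rec_len);
    dst[0] = (uint8_t)rec_len;
    for (int i = 0; i < 4; i++) {   /* both-byte-order fields: LE copy, then BE copy */
        dst[2 + i] = dst[9 - i] = (uint8_t)(extent >> (8 * i));
        dst[10 + i] = dst[17 - i] = (uint8_t)(size >> (8 * i));
    }
    dst[32] = (uint8_t)name_len;
    memcpy(dst + 33, name, name_len);
    return rec_len;
}

/* Constructed sample: two entries (46 + 44 bytes) followed by a zero pad byte. */
static size_t build_sample(uint8_t *buf, size_t cap, uint32_t size_a, uint32_t size_b)
{
    size_t n = mk_rec(buf, cap, 24, size_a, "README.TXT;1");
    n += mk_rec(buf + n, cap - n, 25, size_b, "DATA.BIN;1");
    buf[n++] = 0;
    return n;
}

int demo_well_formed(uint32_t *total)       /* 2 entries, total 4200 */
{
    uint8_t buf[128];
    return iso_dir_total(buf, build_sample(buf, sizeof buf, 1200, 3000), total);
}

int demo_short_record(void)                 /* 33 + 12-byte name > 40: name escapes record */
{
    uint8_t buf[128]; uint32_t total;
    size_t n = build_sample(buf, sizeof buf, 1200, 3000);
    buf[0] = 40;
    return iso_dir_total(buf, n, &total);
}

int demo_overlong_record(void)              /* 200 > 91 bytes actually in the buffer */
{
    uint8_t buf[128]; uint32_t total;
    size_t n = build_sample(buf, sizeof buf, 1200, 3000);
    buf[0] = 200;
    return iso_dir_total(buf, n, &total);
}

int demo_size_wrap(void)                    /* 0xFFFFFFFF + 1 does not fit in 32 bits */
{
    uint8_t buf[128]; uint32_t total;
    return iso_dir_total(buf, build_sample(buf, sizeof buf, UINT32_MAX, 1), &total);
}

int main(void)
{
    uint32_t total = 0;
    printf("well-formed: %d entries, %u bytes\n", demo_well_formed(&total), total);
    printf("short record: %d, overlong record: %d, size wrap: %d\n",
           demo_short_record(), demo_overlong_record(), demo_size_wrap());
    return 0;
}
```

The order of the checks matters: the record length is validated against the remaining buffer before any field inside the record is read, and the name length is validated against the record rather than against the buffer, so a record that fits the buffer but lies about its own name length is still rejected. The `UINT32_MAX - total` form avoids computing the wrapped sum at all, which is the pattern to prefer over checking `total + size < total` after the fact.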

Date: Mon, 01 Jul 2024 14:22:03 +1000
Changed-By: Bruce Cable <bruce.cable at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Alex Murray <alex.murray at canonical.com>
https://launchpad.net/ubuntu/+source/libcdio/2.1.0-4.2ubuntu1
-------------- next part --------------
Format: 1.8
Date: Mon, 01 Jul 2024 14:22:03 +1000
Source: libcdio
Built-For-Profiles: noudeb
Architecture: source
Version: 2.1.0-4.2ubuntu1
Distribution: oracular
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Bruce Cable <bruce.cable at canonical.com>
Changes:
 libcdio (2.1.0-4.2ubuntu1) oracular; urgency=medium
 .
   * SECURITY UPDATE: buffer overflow
     - debian/patches/CVE-2024-36600-1.patch: Allocates space for
       growth and additional buffer in lib/iso9660/rock.c
     - debian/patches/CVE-2024-36600-2.patch: Limits the maximum read
       count to prevent an overflow in lib/driver/_cdio_stdio.c
     - debian/patches/CVE-2024-36600-3.patch: Adds input validation to
       unicode16_decode function in lib/udf/udf_fs.c
     - debian/patches/CVE-2024-36600-4.patch: Adds bounds checking for
       directory buffer size and total size calculation in
       lib/iso9660/iso9660_fs.c
     - debian/patches/CVE-2024-36600-5.patch: Fixes overflow in iso9660
       dir read (32-bit) in lib/iso9660/iso9660_fs.c
     - debian/patches/CVE-2024-36600-6.patch: Checks the validity of
       i_extended_attr member in udf_get_lba() in lib/udf/udf_fs.c
     - debian/patches/CVE-2024-36600-7.patch: Adds 32-bit size test
       only when needed in lib/iso9660/iso9660_fs.c
     - CVE-2024-36600
Checksums-Sha1:
 0296f1dbade27b84b95908c2c751e75113098f9b 2351 libcdio_2.1.0-4.2ubuntu1.dsc
 e863b10a0c4fba0a5529e09b0e36f1a34ae9db73 16592 libcdio_2.1.0-4.2ubuntu1.debian.tar.xz
 4aa9cd47744decd9fd0605443635b70cc9cf3677 6322 libcdio_2.1.0-4.2ubuntu1_source.buildinfo
Checksums-Sha256:
 b01c6716df41c1f04f1a5baf24fdb98dbb75e1eb3f5f020c6bd830361b63dc42 2351 libcdio_2.1.0-4.2ubuntu1.dsc
 e5288945a64465d8ef1163f0d8910e5f37eeccfad975bc37247ca22d705825be 16592 libcdio_2.1.0-4.2ubuntu1.debian.tar.xz
 b9f956cb405ca4a704154fdcb27dc60c952123ff72077ae4d849069e9a644016 6322 libcdio_2.1.0-4.2ubuntu1_source.buildinfo
Files:
 3784586b60e573dbef3873820609fb11 2351 libs optional libcdio_2.1.0-4.2ubuntu1.dsc
 5902c7189fbf65becf9f88b23ed24ee5 16592 libs optional libcdio_2.1.0-4.2ubuntu1.debian.tar.xz
 88d954b95f1a73b5754d1f3d2f1770c6 6322 libs optional libcdio_2.1.0-4.2ubuntu1_source.buildinfo
Original-Maintainer: Gabriel F. T. Gomes <gabriel at debian.org>


More information about the oracular-changes mailing list