[ubuntu/vivid-proposed] flac 1.3.0-2ubuntu1 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Thu Nov 27 18:21:13 UTC 2014 

flac (1.3.0-2ubuntu1) vivid; urgency=medium

  * SECURITY UPDATE: arbitrary code execution via crafted .flac file
    - debian/patches/CVE-2014-8962.patch: validate id in
      src/libFLAC/stream_decoder.c.
    - CVE-2014-8962
  * SECURITY UPDATE: arbitrary code execution via crafted .flac file
    - debian/patches/CVE-2014-9028.patch: error out to avoid heap overflow
      in src/libFLAC/stream_decoder.c.
    - CVE-2014-9028

Date: Thu, 27 Nov 2014 12:21:50 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/flac/1.3.0-2ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 27 Nov 2014 12:21:50 -0500
Source: flac
Binary: flac libflac8 libflac-doc libflac-dev libflac++6 libflac++-dev
Architecture: source
Version: 1.3.0-2ubuntu1
Distribution: vivid
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
 flac       - Free Lossless Audio Codec - command line tools
 libflac++-dev - Free Lossless Audio Codec - C++ development library
 libflac++6 - Free Lossless Audio Codec - C++ runtime library
 libflac-dev - Free Lossless Audio Codec - C development library
 libflac-doc - Free Lossless Audio Codec - library documentation
 libflac8   - Free Lossless Audio Codec - runtime C library
Changes:
 flac (1.3.0-2ubuntu1) vivid; urgency=medium
 .
   * SECURITY UPDATE: arbitrary code execution via crafted .flac file
     - debian/patches/CVE-2014-8962.patch: validate id in
       src/libFLAC/stream_decoder.c.
     - CVE-2014-8962
   * SECURITY UPDATE: arbitrary code execution via crafted .flac file
     - debian/patches/CVE-2014-9028.patch: error out to avoid heap overflow
       in src/libFLAC/stream_decoder.c.
     - CVE-2014-9028
Checksums-Sha1:
 3f1288a97a091c09b563423399862d3bd9fd0366 2366 flac_1.3.0-2ubuntu1.dsc
 1bae86994ae4d1925492138af579863eb0e58e48 14552 flac_1.3.0-2ubuntu1.debian.tar.xz
Checksums-Sha256:
 e998eac7509784a2adbc2cef5e96a5d8c0bf226a9bea3b1c147e18d87509d0e4 2366 flac_1.3.0-2ubuntu1.dsc
 fd469f57ca9c61a54d0751cc360692715cafba5466858dd3a38c6a364b3df484 14552 flac_1.3.0-2ubuntu1.debian.tar.xz
Files:
 e9a86ae3ef4f026992486c0166d00217 2366 sound optional flac_1.3.0-2ubuntu1.dsc
 ab8b5113814df8fa3151cb7934d4b716 14552 sound optional flac_1.3.0-2ubuntu1.debian.tar.xz
Original-Maintainer: Debian Multimedia Maintainers <pkg-multimedia-maintainers at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJUd2sMAAoJEGVp2FWnRL6T9AMP/127lPGoI0LbW4VEIOcUNE3v
5eFJGLzn2VDjiXdT9k2YebH5w+Wxy5wX2HIW89+i7rzGRg58/iwN0Zv3jSZmKrYn
UEgG2bKQuF8uxX4jrOO+m7zQyyY35lBOw5s/dtjMyCVqVnS5aEy+tMdkGMwuzvIX
TbqjlTStqnV4S5QQCGkC6r2UyfuLQzXjOD6RkwKf30A1ls3pI7v7I/CTNh72H/OH
0JDlD5pBjC4d4DCj9OtgKogQFghxpGbqdHDCSyRBs+NUKpYf2uI9x7sjrsy/iMb9
+LL/i9ydji9KOb9RKp5s6hl+zo4xhdU3UPvBlX8lIiHtamfZIM/URpYU5FqZJn1Q
5o8nNt6Mj0sbAGkdxpxSqW98oNVgqlS0rNINrrGXY+qADM7E7dVkwW5Zz/0vZyKk
PmKvwOmTZme0C0WhiWs5g+fCXFsTKfFtgW0FI+45Zdlf3984kUcsTlr462tnsYf7
+etoIYPudw7ck+OEfvh0/oeIN0vdsV+nPl+apigdYQxB8rSeZKXUWYNq6NXrTO7u
L1tJUv4TKqFLs6zWtjmvqSyYxF3CmWQa4sUSvCiIW7gPN61Gz2rnS9RR9dskt1ap
kV3NERfhQ6wVCRUn89/9lryTlY9kp71TlLyVRQJfpc87RSYZvTqOWFFpaED4SFVY
Zql/O63Ejap3O/T6nCxR
=Q+Q8
-----END PGP SIGNATURE-----

More information about the Vivid-changes mailing list