Publishing details
-
Removed from disk
.
-
Removal requested
.
-
Superseded
by libvorbis - 1.3.6-2
-
Published
-
Copied from
debian sid in
Primary Archive for Debian GNU/Linux
Changelog
libvorbis (1.3.6-1) unstable; urgency=medium
* Add more used CPE strings to d/upstream/metadata.
* Fix typo in patch description. Thanks lintian.
* Updated Standards-Version from 3.9.8 to 4.1.3.
* Changed debhelper compat level from 9 to 10.
* Remove no longer needed Testsuite header from d/control.
* Drop binary package libvorbis-dbg. Use automatically generated dbgsym
package instead.
* New upstream version 1.3.6.
- Fixes CVE-2018-5146 - out-of-bounds write on codebook decoding.
- Fixes CVE-2017-14632 - free() on uninitialized data
- Fixes CVE-2017-14633/CVE-2017-14633 - out-of-bounds read (Closes: 870341)
- Removed obsolete patches
CVE-2017-14633-Don-t-allow-for-more-than-256-channels.patch,
CVE-2017-14632-vorbis_analysis_header_out-Don-t-clear-opb.patch and
CVE-2018-5146-Prevent-out-of-bounds-write-in-codeboo.patch.
-- Petter Reinholdtsen <email address hidden> Thu, 22 Mar 2018 08:22:56 +0100
Builds
Package files