Change logs for libvorbis source package in Karmic

  • libvorbis (1.2.0.dfsg-6ubuntu0.1) karmic-security; urgency=low
    
      * SECURITY UPDATE: denial of service and possible code execution via
        multiple vulnerabilities
        - debian/patches/CVE-2009-3379.patch: Don't try to read past the end of
          the comment packet if the string lengths are corrupt in lib/info.c,
          check for premature EOP in lib/res0.c, implement hardening in
          lib/{codebook,floor1,info,mapping0}.c, eliminate blocklist overflow
          in lib/backends.h, don't allow codeword lengths longer than 32 bits
          in lib/codebook.c.
        - CVE-2009-3379
      * SECURITY UPDATE: code execution via heap overflow in residue partition
        value (LP: #232150)
        - debian/patches/CVE-2008-1420-2.patch: add additional checks to fix
          issue, but still maintain backwards compatibility in lib/res0.c,
          lib/modes/{residue_44u,residue_44}.h, lib/backends.h.
        - CVE-2008-1420
     -- Marc Deslauriers <email address hidden>   Thu, 12 Nov 2009 15:02:17 -0500
  • libvorbis (1.2.0.dfsg-6) unstable; urgency=high
    
      * Fix CVE-2009-2663: two bugs in libvorbis that allowed a crafted ogg
        file to corrupt memory.  (Closes: #540958)
      * patches/CVE-2008-1420.patch: fix a regression playing files generated
        by 1.0b1, from upstream trunk.  Thanks Michael Gold.  (Closes: #504421)
    
     -- Michael Bienia <email address hidden>   Mon, 17 Aug 2009 12:04:33 +0100
  • libvorbis (1.2.0.dfsg-5) unstable; urgency=low
    
      * New maintainer.
      * Standards-Version: 3.8.1.
      * gcc -fno-finite-math-only on armel, to work around a gcc bug
        (fixed upstream in gcc 4.3 and 4.4).  (Closes: #515949)
      * Fix watch file to unmangle .dfsg in version, thanks Lintian.
      * Distinguish the short descriptions of the different lib packages, and
        other tweaks to debian/control.  Thanks Lintian.  (Closes: #432688)
    
     -- Ubuntu Archive Auto-Sync <email address hidden>   Mon, 01 Jun 2009 10:44:06 +0100
  • libvorbis (1.2.0.dfsg-4) unstable; urgency=low
    
      * Add upstream-r14811_huffman_sanity_checks.diff.  closes: #482039.
      * Bump to Standards-Version 3.8.0.
      * Remove myself from Uploaders.
    
     -- Ubuntu Archive Auto-Sync <email address hidden>   Wed, 29 Apr 2009 12:02:31 +0100
  • libvorbis (1.2.0.dfsg-3.1) unstable; urgency=high
    
      * Non-maintainer upload by the security team
      * Fix integer overflows (and possible DoS attacks) via crafted
        OGG files (Closes: #482518)
        Fixes: CVE-2008-1423, CVE-2008-1420, CVE-2008-1419
    
     -- Ubuntu Archive Auto-Sync <email address hidden>   Tue, 27 May 2008 09:40:41 +0100