Ubuntu
libvorbis package

Change logs for libvorbis source package in Lucid

  1. Lucid (10.04)
  2. Change log 
  • libvorbis (1.2.3-3ubuntu1.1) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution
    - debian/patches/CVE-2012-0444.patch: validate count in lib/floor1.c.
    - CVE-2012-0444
 -- Marc Deslauriers <email address hidden>   Fri, 17 Feb 2012 15:33:12 -0500
  • libvorbis (1.2.3-3ubuntu1) lucid; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    multiple vulnerabilities
    - debian/patches/CVE-2009-3379.patch: add a couple of missing commits:
      eliminate blocklist overflow in lib/backends.h, don't allow codeword
      lengths longer than 32 bits in lib/codebook.c.
    - CVE-2009-3379
  * debian/rules, debian/control: add quilt patch system
 -- Marc Deslauriers <email address hidden>   Fri, 26 Feb 2010 10:22:23 -0500
  • libvorbis (1.2.3-3) unstable; urgency=low

  * debian/copyright
    - Add details for doc/rfc5215.txt (Closes: #550687).
  * Add a -dbg package (Closes: #516661).

libvorbis (1.2.3-2) unstable; urgency=low

  * Add back in changes from dfsg-5 and dfsg-6.
  * Remove CVE-2009-2663.patch

libvorbis (1.2.3-1) unstable; urgency=low

  * New upstream release (Closes: #543549, #249695) (LP: #418059).
    - Remove upstream-r14811_huffman_sanity_checks.diff
    - Remove CVE-2008-1420.patch
    - Remove CVE-2008-1423+CVE-2008-1419.patch
  * Draft RFCs have been replaced with RFC5215 which is DFSG compliant due to
    clause 11. SO there is no more need for a dfsg binary.
  * Update .symbol files.
  * Update debian/control
    + Add version dependency on debhelper.
    + Bump to Standards-Version 3.8.3.
    + Add John Francesco Ferlito to Uploaders.
    + Remove Adeodato Simó from Uploaders.
    + Remove duplicate Section headers.
    + Update short descriptions.
  * Remove quilt as there are currently no patches.
  * Register HTML documentation with doc-base.
  * Add lintian override for package-name-doesnt-match-sonames.
 -- Ubuntu Archive Auto-Sync <email address hidden>   Thu,  05 Nov 2009 10:38:12 +0000
  • libvorbis (1.2.0.dfsg-6) unstable; urgency=high

  * Fix CVE-2009-2663: two bugs in libvorbis that allowed a crafted ogg
    file to corrupt memory.  (Closes: #540958)
  * patches/CVE-2008-1420.patch: fix a regression playing files generated
    by 1.0b1, from upstream trunk.  Thanks Michael Gold.  (Closes: #504421)

 -- Michael Bienia <email address hidden>   Mon,  17 Aug 2009 12:04:33 +0100