-
libvorbis (1.2.3-3ubuntu1.1) lucid-security; urgency=low
* SECURITY UPDATE: denial of service and possible code execution
- debian/patches/CVE-2012-0444.patch: validate count in lib/floor1.c.
- CVE-2012-0444
-- Marc Deslauriers <email address hidden> Fri, 17 Feb 2012 15:33:12 -0500
-
libvorbis (1.2.3-3ubuntu1) lucid; urgency=low
* SECURITY UPDATE: denial of service and possible code execution via
multiple vulnerabilities
- debian/patches/CVE-2009-3379.patch: add a couple of missing commits:
eliminate blocklist overflow in lib/backends.h, don't allow codeword
lengths longer than 32 bits in lib/codebook.c.
- CVE-2009-3379
* debian/rules, debian/control: add quilt patch system
-- Marc Deslauriers <email address hidden> Fri, 26 Feb 2010 10:22:23 -0500
-
libvorbis (1.2.3-3) unstable; urgency=low
* debian/copyright
- Add details for doc/rfc5215.txt (Closes: #550687).
* Add a -dbg package (Closes: #516661).
libvorbis (1.2.3-2) unstable; urgency=low
* Add back in changes from dfsg-5 and dfsg-6.
* Remove CVE-2009-2663.patch
libvorbis (1.2.3-1) unstable; urgency=low
* New upstream release (Closes: #543549, #249695) (LP: #418059).
- Remove upstream-r14811_huffman_sanity_checks.diff
- Remove CVE-2008-1420.patch
- Remove CVE-2008-1423+CVE-2008-1419.patch
* Draft RFCs have been replaced with RFC5215 which is DFSG compliant due to
clause 11. SO there is no more need for a dfsg binary.
* Update .symbol files.
* Update debian/control
+ Add version dependency on debhelper.
+ Bump to Standards-Version 3.8.3.
+ Add John Francesco Ferlito to Uploaders.
+ Remove Adeodato Simó from Uploaders.
+ Remove duplicate Section headers.
+ Update short descriptions.
* Remove quilt as there are currently no patches.
* Register HTML documentation with doc-base.
* Add lintian override for package-name-doesnt-match-sonames.
-- Ubuntu Archive Auto-Sync <email address hidden> Thu, 05 Nov 2009 10:38:12 +0000
-
libvorbis (1.2.0.dfsg-6) unstable; urgency=high
* Fix CVE-2009-2663: two bugs in libvorbis that allowed a crafted ogg
file to corrupt memory. (Closes: #540958)
* patches/CVE-2008-1420.patch: fix a regression playing files generated
by 1.0b1, from upstream trunk. Thanks Michael Gold. (Closes: #504421)
-- Michael Bienia <email address hidden> Mon, 17 Aug 2009 12:04:33 +0100