Format: 1.8 Date: Fri, 13 Nov 2009 09:11:02 -0500 Source: libvorbis Binary: libvorbis0a libvorbisenc2 libvorbisfile3 libvorbis-dev Architecture: i386 Version: 1.2.0.dfsg-3.1ubuntu0.9.04.2 Distribution: jaunty Urgency: low Maintainer: Ubuntu/i386 Build Daemon Changed-By: Marc Deslauriers Description: libvorbis-dev - The Vorbis General Audio Compression Codec (development files) libvorbis0a - The Vorbis General Audio Compression Codec libvorbisenc2 - The Vorbis General Audio Compression Codec libvorbisfile3 - The Vorbis General Audio Compression Codec Launchpad-Bugs-Fixed: 232150 Changes: libvorbis (1.2.0.dfsg-3.1ubuntu0.9.04.2) jaunty-security; urgency=low . * SECURITY UPDATE: denial of service and possible code execution via multiple vulnerabilities - debian/patches/CVE-2009-3379.patch: Don't try to read past the end of the comment packet if the string lengths are corrupt in lib/info.c, check for premature EOP in lib/res0.c, implement hardening in lib/{codebook,floor1,info,mapping0}.c, eliminate blocklist overflow in lib/backends.h, don't allow codeword lengths longer than 32 bits in lib/codebook.c. - CVE-2009-3379 * SECURITY UPDATE: denial of service via underpopulated Huffman trees - debian/patches/upstream-r14811_huffman_sanity_checks.diff: add additional checking to the hufftree decoding in lib/block.c, examples/decoder_example.c, lib/sharedbook.c. - CVE-2008-2009 * SECURITY UPDATE: code execution via heap overflow in residue partition value (LP: #232150) - debian/patches/CVE-2008-1420-2.patch: add additional checks to fix issue, but still maintain backwards compatibility in lib/res0.c, lib/modes/{residue_44u,residue_44}.h, lib/backends.h. - CVE-2008-1420 Checksums-Sha1: 34dd4963f2ff8b46f94c7719ced6d8294494bdc5 102774 libvorbis0a_1.2.0.dfsg-3.1ubuntu0.9.04.2_i386.deb d221939aedf112c2cf4d814076f7a4e8176a97cd 77908 libvorbisenc2_1.2.0.dfsg-3.1ubuntu0.9.04.2_i386.deb ea94fc91676c2c82b2975f1e536da0af140a174e 21798 libvorbisfile3_1.2.0.dfsg-3.1ubuntu0.9.04.2_i386.deb 193625d255b63614f2c296b22a086215def7782a 460350 libvorbis-dev_1.2.0.dfsg-3.1ubuntu0.9.04.2_i386.deb Checksums-Sha256: 3f35af613b69b9469cc5ca10e757590814f854e2e57a6e30faa4f9156c55c57a 102774 libvorbis0a_1.2.0.dfsg-3.1ubuntu0.9.04.2_i386.deb 5e01e8fa4679be054b14b760aa66b4d9902b2ab81c138e0e3aa5c208c6b3e15b 77908 libvorbisenc2_1.2.0.dfsg-3.1ubuntu0.9.04.2_i386.deb f41bbba885bb0175bcaa54e1d2d2eaf8d49b6f588a0605d90078ac49d585fb3f 21798 libvorbisfile3_1.2.0.dfsg-3.1ubuntu0.9.04.2_i386.deb 6cda987445f2b1146afd9d97fdcf35fe58f29fd50897ea4ee5d254d1f1152ef5 460350 libvorbis-dev_1.2.0.dfsg-3.1ubuntu0.9.04.2_i386.deb Files: c0294bc33be421dc97b5a41f0962a305 102774 libs optional libvorbis0a_1.2.0.dfsg-3.1ubuntu0.9.04.2_i386.deb 4f631989517676b33426d8196ce86089 77908 libs optional libvorbisenc2_1.2.0.dfsg-3.1ubuntu0.9.04.2_i386.deb fd715839d6a485a560dc4ba3d6bd25f9 21798 libs optional libvorbisfile3_1.2.0.dfsg-3.1ubuntu0.9.04.2_i386.deb dcab6f09451ee399e6c3718fd7a290b4 460350 libdevel optional libvorbis-dev_1.2.0.dfsg-3.1ubuntu0.9.04.2_i386.deb Original-Maintainer: Debian Xiph.org Maintainers