Format: 1.8
Date: Thu, 12 Nov 2009 15:02:17 -0500
Source: libvorbis
Binary: libvorbis0a libvorbisenc2 libvorbisfile3 libvorbis-dev
Architecture: armel
Version: 1.2.0.dfsg-6ubuntu0.1
Distribution: karmic
Urgency: low
Maintainer: Ubuntu/armel Build Daemon <buildd@imbe.buildd>
Changed-By: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Description: 
 libvorbis-dev - The Vorbis General Audio Compression Codec: development files
 libvorbis0a - The Vorbis General Audio Compression Codec: decoder library
 libvorbisenc2 - The Vorbis General Audio Compression Codec: encoder library
 libvorbisfile3 - The Vorbis General Audio Compression Codec: high-level API
Changes: 
 libvorbis (1.2.0.dfsg-6ubuntu0.1) karmic-security; urgency=low
 .
   * SECURITY UPDATE: denial of service and possible code execution via
     multiple vulnerabilities
     - debian/patches/CVE-2009-3379.patch: Don't try to read past the end of
       the comment packet if the string lengths are corrupt in lib/info.c,
       check for premature EOP in lib/res0.c, implement hardening in
       lib/{codebook,floor1,info,mapping0}.c, eliminate blocklist overflow
       in lib/backends.h, don't allow codeword lengths longer than 32 bits
       in lib/codebook.c.
     - CVE-2009-3379
   * SECURITY UPDATE: code execution via heap overflow in residue partition
     value (LP: #232150)
     - debian/patches/CVE-2008-1420-2.patch: add additional checks to fix
       issue, but still maintain backwards compatibility in lib/res0.c,
       lib/modes/{residue_44u,residue_44}.h, lib/backends.h.
     - CVE-2008-1420
Checksums-Sha1: 
 e0854edc9933760c0a72304c84d8246de082df7b 106322 libvorbis0a_1.2.0.dfsg-6ubuntu0.1_armel.deb
 425ba8a2e579298c398524819d9d35d4bcd6b65e 78554 libvorbisenc2_1.2.0.dfsg-6ubuntu0.1_armel.deb
 ff3fcb1b4f143228c7ea515235b9c0c429eb9b0b 22624 libvorbisfile3_1.2.0.dfsg-6ubuntu0.1_armel.deb
 cfd72b5c8954b34a0cd3a49f8ec7cdcb4e026e74 472930 libvorbis-dev_1.2.0.dfsg-6ubuntu0.1_armel.deb
Checksums-Sha256: 
 786d36138b80879d25544b12635efe9da1411664ce8b32801b336083b099f9dd 106322 libvorbis0a_1.2.0.dfsg-6ubuntu0.1_armel.deb
 52062772937bec43562e17bac62b37dccc54c8e922c98a401dbfe00558cabe88 78554 libvorbisenc2_1.2.0.dfsg-6ubuntu0.1_armel.deb
 54c58ec85b5a6a0ee3d7b41aee45b290582e52d1e3573bffb7a60861d9bf497d 22624 libvorbisfile3_1.2.0.dfsg-6ubuntu0.1_armel.deb
 397a66045e9febce0cfa33d1e310cff3c2d377aa806bbdd95d0a949b657fcd2e 472930 libvorbis-dev_1.2.0.dfsg-6ubuntu0.1_armel.deb
Files: 
 1f02f73df2ecfc47c934f964223d84d8 106322 libs optional libvorbis0a_1.2.0.dfsg-6ubuntu0.1_armel.deb
 867ace57c33411f63c0d2624e492af3f 78554 libs optional libvorbisenc2_1.2.0.dfsg-6ubuntu0.1_armel.deb
 d23e792a99b45dc25bf57e4f74c11af3 22624 libs optional libvorbisfile3_1.2.0.dfsg-6ubuntu0.1_armel.deb
 f9fe49f8aab6360c23c36b23a70bfa6e 472930 libdevel optional libvorbis-dev_1.2.0.dfsg-6ubuntu0.1_armel.deb
Launchpad-Bugs-Fixed: 232150
Original-Maintainer: Peter Samuelson <peter@p12n.org>