libvorbis (1.2.0.dfsg-3.1ubuntu0.9.04.2) jaunty-security; urgency=low
* SECURITY UPDATE: denial of service and possible code execution via
multiple vulnerabilities
- debian/patches/CVE-2009-3379.patch: Don't try to read past the end of
the comment packet if the string lengths are corrupt in lib/info.c,
check for premature EOP in lib/res0.c, implement hardening in
lib/{codebook,floor1,info,mapping0}.c, eliminate blocklist overflow
in lib/backends.h, don't allow codeword lengths longer than 32 bits
in lib/codebook.c.
- CVE-2009-3379
* SECURITY UPDATE: denial of service via underpopulated Huffman trees
- debian/patches/upstream-r14811_huffman_sanity_checks.diff: add
additional checking to the hufftree decoding in lib/block.c,
examples/decoder_example.c, lib/sharedbook.c.
- CVE-2008-2009
* SECURITY UPDATE: code execution via heap overflow in residue partition
value (LP: #232150)
- debian/patches/CVE-2008-1420-2.patch: add additional checks to fix
issue, but still maintain backwards compatibility in lib/res0.c,
lib/modes/{residue_44u,residue_44}.h, lib/backends.h.
- CVE-2008-1420
Date: Fri, 13 Nov 2009 09:11:02 -0500
Changed-By: Marc Deslauriers <[email protected]>
Maintainer: Ubuntu Core Developers <[email protected]>
https://launchpad.net/ubuntu/jaunty/+source/libvorbis/1.2.0.dfsg-3.1ubuntu0.9.04.2
Format: 1.8
Date: Fri, 13 Nov 2009 09:11:02 -0500
Source: libvorbis
Binary: libvorbis0a libvorbisenc2 libvorbisfile3 libvorbis-dev
Architecture: source
Version: 1.2.0.dfsg-3.1ubuntu0.9.04.2
Distribution: jaunty-security
Urgency: low
Maintainer: Ubuntu Core Developers <[email protected]>
Changed-By: Marc Deslauriers <[email protected]>
Description:
libvorbis-dev - The Vorbis General Audio Compression Codec (development files)
libvorbis0a - The Vorbis General Audio Compression Codec
libvorbisenc2 - The Vorbis General Audio Compression Codec
libvorbisfile3 - The Vorbis General Audio Compression Codec
Launchpad-Bugs-Fixed: 232150
Changes:
libvorbis (1.2.0.dfsg-3.1ubuntu0.9.04.2) jaunty-security; urgency=low
.
* SECURITY UPDATE: denial of service and possible code execution via
multiple vulnerabilities
- debian/patches/CVE-2009-3379.patch: Don't try to read past the end of
the comment packet if the string lengths are corrupt in lib/info.c,
check for premature EOP in lib/res0.c, implement hardening in
lib/{codebook,floor1,info,mapping0}.c, eliminate blocklist overflow
in lib/backends.h, don't allow codeword lengths longer than 32 bits
in lib/codebook.c.
- CVE-2009-3379
* SECURITY UPDATE: denial of service via underpopulated Huffman trees
- debian/patches/upstream-r14811_huffman_sanity_checks.diff: add
additional checking to the hufftree decoding in lib/block.c,
examples/decoder_example.c, lib/sharedbook.c.
- CVE-2008-2009
* SECURITY UPDATE: code execution via heap overflow in residue partition
value (LP: #232150)
- debian/patches/CVE-2008-1420-2.patch: add additional checks to fix
issue, but still maintain backwards compatibility in lib/res0.c,
lib/modes/{residue_44u,residue_44}.h, lib/backends.h.
- CVE-2008-1420
Checksums-Sha1:
491628c49d863588de0e1f95974c7ab1c0d13c28 1391
libvorbis_1.2.0.dfsg-3.1ubuntu0.9.04.2.dsc
abe9237f00ea66879efb5f86b97b8f4af1188e17 14106
libvorbis_1.2.0.dfsg-3.1ubuntu0.9.04.2.diff.gz
Checksums-Sha256:
b883a0933c83c73deb07f7f7d6df571ef1c48919f0bfa136edc081446c8f0c60 1391
libvorbis_1.2.0.dfsg-3.1ubuntu0.9.04.2.dsc
c62a0f269e50f8d0378a2545a5421330e853a584fc5a061b018b4acfced20996 14106
libvorbis_1.2.0.dfsg-3.1ubuntu0.9.04.2.diff.gz
Files:
8237287820fda9e5caaf1645917012a9 1391 libs optional
libvorbis_1.2.0.dfsg-3.1ubuntu0.9.04.2.dsc
806c51558b40e8a0173258e322126dfc 14106 libs optional
libvorbis_1.2.0.dfsg-3.1ubuntu0.9.04.2.diff.gz
Original-Maintainer: Debian Xiph.org Maintainers
<[email protected]>
--
Jaunty-changes mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/jaunty-changes
