libvorbis 1.2.0.dfsg-2ubuntu0.3 source package in Ubuntu
Changelog
libvorbis (1.2.0.dfsg-2ubuntu0.3) hardy-security; urgency=low * SECURITY UPDATE: denial of service and possible code execution via multiple vulnerabilities - debian/patches/CVE-2009-3379.patch: Don't try to read past the end of the comment packet if the string lengths are corrupt in lib/info.c, check for premature EOP in lib/res0.c, implement hardening in lib/{codebook,floor1,info,mapping0}.c, eliminate blocklist overflow in lib/backends.h, don't allow codeword lengths longer than 32 bits in lib/codebook.c. - CVE-2009-3379 * SECURITY UPDATE: denial of service via underpopulated Huffman trees - debian/patches/upstream-r14811_huffman_sanity_checks.diff: add additional checking to the hufftree decoding in lib/block.c, examples/decoder_example.c, lib/sharedbook.c. - CVE-2008-2009 * SECURITY UPDATE: code execution via heap overflow in residue partition value (LP: #232150) - debian/patches/CVE-2008-1420-2.patch: add additional checks to fix issue, but still maintain backwards compatibility in lib/res0.c, lib/modes/{residue_44u,residue_44}.h, lib/backends.h. - CVE-2008-1420 -- Marc Deslauriers <email address hidden> Fri, 13 Nov 2009 09:53:56 -0500
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Hardy
- Original maintainer:
- Ubuntu Development Team
- Architectures:
- any
- Section:
- libs
- Urgency:
- Low Urgency
See full publishing history Publishing
Series | Published | Component | Section |
---|
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
libvorbis_1.2.0.dfsg.orig.tar.gz | 1.4 MiB | 401129deb8a78b53b0c2098a92cdb84114956ef399ce62b38ac28f0bde04133f |
libvorbis_1.2.0.dfsg-2ubuntu0.3.diff.gz | 12.7 KiB | 3792190370cf00ca339f3973b9fde83b37fb5d3fa82a848b86e4c7cd90f18bc2 |
libvorbis_1.2.0.dfsg-2ubuntu0.3.dsc | 937 bytes | 4fe6b0244c7a561ebf20168035f9991f7115891c4c6f5ea74cb4af49de5d4302 |
Available diffs
Binary packages built by this source
- libvorbis-dev: No summary available for libvorbis-dev in ubuntu hardy.
No description available for libvorbis-dev in ubuntu hardy.
- libvorbis0a: No summary available for libvorbis0a in ubuntu hardy.
No description available for libvorbis0a in ubuntu hardy.
- libvorbisenc2: No summary available for libvorbisenc2 in ubuntu hardy.
No description available for libvorbisenc2 in ubuntu hardy.
- libvorbisfile3: No summary available for libvorbisfile3 in ubuntu hardy.
No description available for libvorbisfile3 in ubuntu hardy.