Ubuntu
libvorbis package

Branches for Hardy

Name Status Last Modified Last Commit
lp:ubuntu/hardy/libvorbis 2 Mature 2009-12-05 05:32:40 UTC
10. Bump shlibs for libvorbis0a due to ne...

Author: Dato Simó
Revision Date: 2007-08-14 20:55:54 UTC

Bump shlibs for libvorbis0a due to new vorbis_synthesis_idheader header.
(Closes: #436083)
lp:ubuntu/hardy-security/libvorbis bug 2 Mature 2009-12-05 05:34:59 UTC
13. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2009-11-13 09:53:56 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  multiple vulnerabilities
  - debian/patches/CVE-2009-3379.patch: Don't try to read past the end of
    the comment packet if the string lengths are corrupt in lib/info.c,
    check for premature EOP in lib/res0.c, implement hardening in
    lib/{codebook,floor1,info,mapping0}.c, eliminate blocklist overflow
    in lib/backends.h, don't allow codeword lengths longer than 32 bits
    in lib/codebook.c.
  - CVE-2009-3379
* SECURITY UPDATE: denial of service via underpopulated Huffman trees
  - debian/patches/upstream-r14811_huffman_sanity_checks.diff: add
    additional checking to the hufftree decoding in lib/block.c,
    examples/decoder_example.c, lib/sharedbook.c.
  - CVE-2008-2009
* SECURITY UPDATE: code execution via heap overflow in residue partition
  value (LP: #232150)
  - debian/patches/CVE-2008-1420-2.patch: add additional checks to fix
    issue, but still maintain backwards compatibility in lib/res0.c,
    lib/modes/{residue_44u,residue_44}.h, lib/backends.h.
  - CVE-2008-1420
lp:ubuntu/hardy-updates/libvorbis 2 Mature 2009-12-05 05:33:12 UTC
13. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2009-11-13 09:53:56 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  multiple vulnerabilities
  - debian/patches/CVE-2009-3379.patch: Don't try to read past the end of
    the comment packet if the string lengths are corrupt in lib/info.c,
    check for premature EOP in lib/res0.c, implement hardening in
    lib/{codebook,floor1,info,mapping0}.c, eliminate blocklist overflow
    in lib/backends.h, don't allow codeword lengths longer than 32 bits
    in lib/codebook.c.
  - CVE-2009-3379
* SECURITY UPDATE: denial of service via underpopulated Huffman trees
  - debian/patches/upstream-r14811_huffman_sanity_checks.diff: add
    additional checking to the hufftree decoding in lib/block.c,
    examples/decoder_example.c, lib/sharedbook.c.
  - CVE-2008-2009
* SECURITY UPDATE: code execution via heap overflow in residue partition
  value (LP: #232150)
  - debian/patches/CVE-2008-1420-2.patch: add additional checks to fix
    issue, but still maintain backwards compatibility in lib/res0.c,
    lib/modes/{residue_44u,residue_44}.h, lib/backends.h.
  - CVE-2008-1420
13 of 3 results FirstPreviousNextLast