Ubuntu
libvorbis package

Branches for Jaunty

Name Status Last Modified Last Commit
lp:ubuntu/jaunty/libvorbis 2 Mature 2009-12-05 05:34:13 UTC
9. * Non-maintainer upload by the securi...

Author: Steffen Joeris
Revision Date: 2008-05-26 12:48:06 UTC

* Non-maintainer upload by the security team
* Fix integer overflows (and possible DoS attacks) via crafted
  OGG files (Closes: #482518)
  Fixes: CVE-2008-1423, CVE-2008-1420, CVE-2008-1419
lp:ubuntu/jaunty-security/libvorbis 2 Mature 2009-12-05 05:34:22 UTC
11. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2009-11-13 09:11:02 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  multiple vulnerabilities
  - debian/patches/CVE-2009-3379.patch: Don't try to read past the end of
    the comment packet if the string lengths are corrupt in lib/info.c,
    check for premature EOP in lib/res0.c, implement hardening in
    lib/{codebook,floor1,info,mapping0}.c, eliminate blocklist overflow
    in lib/backends.h, don't allow codeword lengths longer than 32 bits
    in lib/codebook.c.
  - CVE-2009-3379
* SECURITY UPDATE: denial of service via underpopulated Huffman trees
  - debian/patches/upstream-r14811_huffman_sanity_checks.diff: add
    additional checking to the hufftree decoding in lib/block.c,
    examples/decoder_example.c, lib/sharedbook.c.
  - CVE-2008-2009
* SECURITY UPDATE: code execution via heap overflow in residue partition
  value (LP: #232150)
  - debian/patches/CVE-2008-1420-2.patch: add additional checks to fix
    issue, but still maintain backwards compatibility in lib/res0.c,
    lib/modes/{residue_44u,residue_44}.h, lib/backends.h.
  - CVE-2008-1420
lp:ubuntu/jaunty-updates/libvorbis bug 2 Mature 2009-12-05 05:36:12 UTC
11. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2009-11-13 09:11:02 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  multiple vulnerabilities
  - debian/patches/CVE-2009-3379.patch: Don't try to read past the end of
    the comment packet if the string lengths are corrupt in lib/info.c,
    check for premature EOP in lib/res0.c, implement hardening in
    lib/{codebook,floor1,info,mapping0}.c, eliminate blocklist overflow
    in lib/backends.h, don't allow codeword lengths longer than 32 bits
    in lib/codebook.c.
  - CVE-2009-3379
* SECURITY UPDATE: denial of service via underpopulated Huffman trees
  - debian/patches/upstream-r14811_huffman_sanity_checks.diff: add
    additional checking to the hufftree decoding in lib/block.c,
    examples/decoder_example.c, lib/sharedbook.c.
  - CVE-2008-2009
* SECURITY UPDATE: code execution via heap overflow in residue partition
  value (LP: #232150)
  - debian/patches/CVE-2008-1420-2.patch: add additional checks to fix
    issue, but still maintain backwards compatibility in lib/res0.c,
    lib/modes/{residue_44u,residue_44}.h, lib/backends.h.
  - CVE-2008-1420
13 of 3 results FirstPreviousNextLast