Branches for Karmic

Name Status Last Modified Last Commit
lp:ubuntu/karmic/libvorbis 2 Mature 2009-12-05 05:34:45 UTC
12. * Fix CVE-2009-2663: two bugs in libv...

Author: Peter Samuelson
Revision Date: 2009-08-10 23:11:11 UTC

* Fix CVE-2009-2663: two bugs in libvorbis that allowed a crafted ogg
  file to corrupt memory. (Closes: #540958)
* patches/CVE-2008-1420.patch: fix a regression playing files generated
  by 1.0b1, from upstream trunk. Thanks Michael Gold. (Closes: #504421)

lp:ubuntu/karmic-security/libvorbis bug 2 Mature 2009-12-05 05:36:30 UTC
13. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2009-11-12 15:02:17 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  multiple vulnerabilities
  - debian/patches/CVE-2009-3379.patch: Don't try to read past the end of
    the comment packet if the string lengths are corrupt in lib/info.c,
    check for premature EOP in lib/res0.c, implement hardening in
    lib/{codebook,floor1,info,mapping0}.c, eliminate blocklist overflow
    in lib/backends.h, don't allow codeword lengths longer than 32 bits
    in lib/codebook.c.
  - CVE-2009-3379
* SECURITY UPDATE: code execution via heap overflow in residue partition
  value (LP: #232150)
  - debian/patches/CVE-2008-1420-2.patch: add additional checks to fix
    issue, but still maintain backwards compatibility in lib/res0.c,
    lib/modes/{residue_44u,residue_44}.h, lib/backends.h.
  - CVE-2008-1420

lp:ubuntu/karmic-updates/libvorbis 2 Mature 2009-12-05 05:35:10 UTC
13. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2009-11-12 15:02:17 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  multiple vulnerabilities
  - debian/patches/CVE-2009-3379.patch: Don't try to read past the end of
    the comment packet if the string lengths are corrupt in lib/info.c,
    check for premature EOP in lib/res0.c, implement hardening in
    lib/{codebook,floor1,info,mapping0}.c, eliminate blocklist overflow
    in lib/backends.h, don't allow codeword lengths longer than 32 bits
    in lib/codebook.c.
  - CVE-2009-3379
* SECURITY UPDATE: code execution via heap overflow in residue partition
  value (LP: #232150)
  - debian/patches/CVE-2008-1420-2.patch: add additional checks to fix
    issue, but still maintain backwards compatibility in lib/res0.c,
    lib/modes/{residue_44u,residue_44}.h, lib/backends.h.
  - CVE-2008-1420
