lp:ubuntu/hardy-security/libvorbis
- Get this branch: bzr branch lp:ubuntu/hardy-security/libvorbis
Recent revisions
- 13. By Marc Deslauriers
  * SECURITY UPDATE: denial of service and possible code execution via
    multiple vulnerabilities
    - debian/patches/CVE-2009-3379.patch: Don't try to read past the end of
      the comment packet if the string lengths are corrupt in lib/info.c,
      check for premature EOP in lib/res0.c, implement hardening in
      lib/{codebook,floor1,info,mapping0}.c, eliminate blocklist overflow
      in lib/backends.h, don't allow codeword lengths longer than 32 bits
      in lib/codebook.c.
    - CVE-2009-3379
  * SECURITY UPDATE: denial of service via underpopulated Huffman trees
    - debian/patches/upstream-r14811_huffman_sanity_checks.diff: add
      additional checking to the hufftree decoding in lib/block.c,
      examples/decoder_example.c, lib/sharedbook.c.
    - CVE-2008-2009
  * SECURITY UPDATE: code execution via heap overflow in residue partition
    value (LP: #232150)
    - debian/patches/CVE-2008-1420-2.patch: add additional checks to fix
      issue, but still maintain backwards compatibility in lib/res0.c,
      lib/modes/{residue_44u,residue_44}.h, lib/backends.h.
    - CVE-2008-1420
- 12. By Marc Deslauriers
  * SECURITY UPDATE: denial of service and possible code execution from
    crafted .ogg file (LP: #413528)
    - debian/patches/CVE-2009-2663.patch: don't allow repeated values in
      post list in lib/floor1.c and make sure maptype is valid in
      lib/res0.c.
    - CVE-2009-2663
  * SECURITY UPDATE: code execution via heap overflow in residue partition
    value (LP: #232150)
    - debian/patches/CVE-2008-1420.patch: update patch to fix regression
      when reading files encoded with libvorbis 1.0beta1.
    - CVE-2008-1420
- 11. By Marc Deslauriers
  * SECURITY UPDATE: crash or integer overflow with codebook.dim zero
    value (LP: #232150)
    - debian/patches/CVE-2008-1423+CVE-2008-1419.patch: make sure value of
      codebook.dim is not zero in lib/codebook.c
    - CVE-2008-1419
  * SECURITY UPDATE: code execution via heap overflow in residue partition
    value (LP: #232150)
    - debian/patches/CVE-2008-1420.patch: verify the phrasebook is not
      specifying an impossible or inconsistent partitioning scheme in
      lib/res0.c
    - CVE-2008-1420
  * SECURITY UPDATE: code execution via heap overflow in a quantvals and
    quantlist calculation (LP: #232150)
    - debian/patches/CVE-2008-1423+CVE-2008-1419.patch: add check for
      absurdly huge codebooks in lib/codebook.c
    - CVE-2008-1423
- 10. By Dato Simó
  Bump shlibs for libvorbis0a due to new vorbis_synthesis_idheader header.
  (Closes: #436083)
- 9. By Clint Adams
  [ Adeodato Simó ]
  * Use ${binary:Version} instead of ${Source-Version}.

  [ Clint Adams ]
  * New upstream release.
    - Remove upstream_r13198-fix_segfault_in_ov_time_seek.diff.
  * Bump shlibs for libvorbisfile3 to >= 1.2.0 due to new ov_fopen
    function.
- 8. By Joey Hess <email address hidden>
  Fix shlibs files for libvorbisenc and libvorbisfile, which were broken
  by my first NMU to have dependencies for libvorbis0a. Closes: #395048
Branch metadata
- Branch format: Branch format 7
- Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on: lp:ubuntu/lucid/libvorbis