lp:ubuntu/jaunty-updates/libvorbis
- Get this branch:
- bzr branch lp:ubuntu/jaunty-updates/libvorbis
Recent revisions
- 11. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service and possible code execution via
multiple vulnerabilities
- debian/patches/CVE-2009-3379.patch: Don't try to read past the end of
the comment packet if the string lengths are corrupt in lib/info.c,
check for premature EOP in lib/res0.c, implement hardening in
lib/{codebook,floor1,info,mapping0}.c, eliminate blocklist overflow
in lib/backends.h, don't allow codeword lengths longer than 32 bits
in lib/codebook.c.
- CVE-2009-3379
* SECURITY UPDATE: denial of service via underpopulated Huffman trees
- debian/patches/upstream-r14811_huffman_sanity_checks.diff: add
additional checking to the hufftree decoding in lib/block.c,
examples/decoder_example.c, lib/sharedbook.c.
- CVE-2008-2009
* SECURITY UPDATE: code execution via heap overflow in residue partition
value (LP: #232150)
- debian/patches/CVE-2008-1420-2.patch: add additional checks to fix
issue, but still maintain backwards compatibility in lib/res0.c,
lib/modes/{residue_44u,residue_44}.h, lib/backends.h.
- CVE-2008-1420
- 10. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service and possible code execution from
crafted .ogg file (LP: #413528)
- debian/patches/CVE-2009-2663.patch: don't allow repeated values in
post list in lib/floor1.c and make sure maptype is valid in
lib/res0.c.
- CVE-2009-2663
* SECURITY UPDATE: code execution via heap overflow in residue partition
value (LP: #232150)
- debian/patches/CVE-2008-1420.patch: update patch to fix regression
when reading files encoded with libvorbis 1.0beta1.
- CVE-2008-1420
- 9. By Steffen Joeris
-
* Non-maintainer upload by the security team
* Fix integer overflows (and possible DoS attacks) via crafted
OGG files (Closes: #482518)
Fixes: CVE-2008-1423, CVE-2008-1420, CVE-2008-1419
- 8. By Joey Hess
-
Fix shlibs files for libvorbisenc and libvorbisfile, which were broken
by my first NMU to have dependencies for libvorbis0a. Closes: #395048
- 3. By Chris Cheney
-
* New upstream.
* Improved descriptions. (Closes: #166649)
* Updated DEB_BUILD_OPTIONS support. (Closes: #188464)
- 2. By Chris Cheney
-
* New upstream. (Closes: #121995, #123472)
* added autotools target (config.* updater) to rules
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/lucid/libvorbis