lp:ubuntu/karmic-security/libvorbis

Created by James Westby and last modified
Get this branch: bzr branch lp:ubuntu/karmic-security/libvorbis

Branch information

Owner: Ubuntu branches
Review team: Ubuntu Development Team
Status: Mature

Recent revisions

13. By Marc Deslauriers

* SECURITY UPDATE: denial of service and possible code execution via
  multiple vulnerabilities
  - debian/patches/CVE-2009-3379.patch: Don't try to read past the end of
    the comment packet if the string lengths are corrupt in lib/info.c,
    check for premature EOP in lib/res0.c, implement hardening in
    lib/{codebook,floor1,info,mapping0}.c, eliminate blocklist overflow
    in lib/backends.h, don't allow codeword lengths longer than 32 bits
    in lib/codebook.c.
  - CVE-2009-3379
* SECURITY UPDATE: code execution via heap overflow in residue partition
  value (LP: #232150)
  - debian/patches/CVE-2008-1420-2.patch: add additional checks to fix
    issue, but still maintain backwards compatibility in lib/res0.c,
    lib/modes/{residue_44u,residue_44}.h, lib/backends.h.
  - CVE-2008-1420

12. By Peter Samuelson <email address hidden>

* Fix CVE-2009-2663: two bugs in libvorbis that allowed a crafted ogg
  file to corrupt memory. (Closes: #540958)
* patches/CVE-2008-1420.patch: fix a regression playing files generated
  by 1.0b1, from upstream trunk. Thanks Michael Gold. (Closes: #504421)

11. By Peter Samuelson <email address hidden>

* New maintainer.
* Standards-Version: 3.8.1.
* gcc -fno-finite-math-only on armel, to work around a gcc bug
  (fixed upstream in gcc 4.3 and 4.4). (Closes: #515949)
* Fix watch file to unmangle .dfsg in version, thanks Lintian.
* Distinguish the short descriptions of the different lib packages, and
  other tweaks to debian/control. Thanks Lintian. (Closes: #432688)

10. By Clint Adams

* Add upstream-r14811_huffman_sanity_checks.diff. closes: #482039.
* Bump to Standards-Version 3.8.0.
* Remove myself from Uploaders.

9. By Steffen Joeris <email address hidden>

* Non-maintainer upload by the security team
* Fix integer overflows (and possible DoS attacks) via crafted
  OGG files (Closes: #482518)
  Fixes: CVE-2008-1423, CVE-2008-1420, CVE-2008-1419

8. By Joey Hess <email address hidden>

Fix shlibs files for libvorbisenc and libvorbisfile, which were broken
by my first NMU to have dependencies for libvorbis0a. Closes: #395048

7. By Sebastian Dröge

* Sync with Debian
* No remaining Ubuntu changes but different tarballs

6. By Fabio Massimo Di Nitto

Fix error in debian/rules and as a consequence FTBFS.

5. By Matthias Klose

* New upstream version.
* Build using default g++ again. Ubuntu #12722.

4. By Matthias Klose

Build using GCC 3.4. Addresses Ubuntu 12722.

Branch metadata

Branch format: Branch format 7
Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on: lp:ubuntu/lucid/libvorbis