lp:ubuntu/karmic-updates/libvorbis
- Get this branch:
- bzr branch lp:ubuntu/karmic-updates/libvorbis
Branch merges
Branch information
Recent revisions
- 13. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service and possible code execution via
multiple vulnerabilities
- debian/patches/ CVE-2009- 3379.patch: Don't try to read past the end of
the comment packet if the string lengths are corrupt in lib/info.c,
check for premature EOP in lib/res0.c, implement hardening in
lib/{codebook, floor1, info,mapping0} .c, eliminate blocklist overflow
in lib/backends.h, don't allow codeword lengths longer than 32 bits
in lib/codebook.c.
- CVE-2009-3379
* SECURITY UPDATE: code execution via heap overflow in residue partition
value (LP: #232150)
- debian/patches/ CVE-2008- 1420-2. patch: add additional checks to fix
issue, but still maintain backwards compatibility in lib/res0.c,
lib/modes/{ residue_ 44u,residue_ 44}.h, lib/backends.h.
- CVE-2008-1420 - 12. By Peter Samuelson <email address hidden>
-
* Fix CVE-2009-2663: two bugs in libvorbis that allowed a crafted ogg
file to corrupt memory. (Closes: #540958)
* patches/CVE-2008- 1420.patch: fix a regression playing files generated
by 1.0b1, from upstream trunk. Thanks Michael Gold. (Closes: #504421) - 11. By Peter Samuelson <email address hidden>
-
* New maintainer.
* Standards-Version: 3.8.1.
* gcc -fno-finite-math-only on armel, to work around a gcc bug
(fixed upstream in gcc 4.3 and 4.4). (Closes: #515949)
* Fix watch file to unmangle .dfsg in version, thanks Lintian.
* Distinguish the short descriptions of the different lib packages, and
other tweaks to debian/control. Thanks Lintian. (Closes: #432688) - 10. By Clint Adams
-
* Add upstream-
r14811_ huffman_ sanity_ checks. diff. closes: #482039.
* Bump to Standards-Version 3.8.0.
* Remove myself from Uploaders. - 9. By Steffen Joeris <email address hidden>
-
* Non-maintainer upload by the security team
* Fix integer overflows (and possible DoS attacks) via crafted
OGG files (Closes: #482518)
Fixes: CVE-2008-1423, CVE-2008-1420, CVE-2008-1419 - 8. By Joey Hess <email address hidden>
-
Fix shlibs files for libvorbisenc and libvorbisfile, which were broken
by my first NMU to have dependencies for libvorbis0a. Closes: #395048
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/lucid/libvorbis