Ubuntu
libvorbis package

  1. Bug #232150
  2. Comment #2

Comment 2 for bug 232150

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libvorbis - 1.2.0.dfsg-1ubuntu0.1

---------------
libvorbis (1.2.0.dfsg-1ubuntu0.1) gutsy-security; urgency=low

  * SECURITY UPDATE: crash or integer overflow with codebook.dim zero
    value (LP: #232150)
    - debian/patches/CVE-2008-1423+CVE-2008-1419.patch: make sure value of
      codebook.dim is not zero in lib/codebook.c
    - CVE-2008-1419
  * SECURITY UPDATE: code execution via heap overflow in residue partition
    value (LP: #232150)
    - debian/patches/CVE-2008-1420.patch: verify the phrasebook is not
      specifying an impossible or inconsistent partitioning scheme in
      lib/res0.c
    - CVE-2008-1420
  * SECURITY UPDATE: code execution via heap overflow in a quantvals and
    quantlist calculation (LP: #232150)
    - debian/patches/CVE-2008-1423+CVE-2008-1419.patch: add check for
      absurdly huge codebooks in lib/codebook.c
    - CVE-2008-1423

 -- Marc Deslauriers <email address hidden> Wed, 26 Nov 2008 10:20:38 -0500