* SECURITY UPDATE: crash or integer overflow with codebook.dim zero
value (LP: #232150)
- debian/patches/CVE-2008-1423+CVE-2008-1419.patch: make sure value of
codebook.dim is not zero in lib/codebook.c
- CVE-2008-1419
* SECURITY UPDATE: code execution via heap overflow in residue partition
value (LP: #232150)
- debian/patches/CVE-2008-1420.patch: verify the phrasebook is not
specifying an impossible or inconsistent partitioning scheme in
lib/res0.c
- CVE-2008-1420
* SECURITY UPDATE: code execution via heap overflow in a quantvals and
quantlist calculation (LP: #232150)
- debian/patches/CVE-2008-1423+CVE-2008-1419.patch: add check for
absurdly huge codebooks in lib/codebook.c
- CVE-2008-1423
-- Marc Deslauriers <email address hidden> Wed, 26 Nov 2008 10:20:38 -0500
This bug was fixed in the package libvorbis - 1.2.0.dfsg-1ubuntu0.1
---------------
libvorbis (1.2.0.dfsg-1ubuntu0.1) gutsy-security; urgency=low
* SECURITY UPDATE: crash or integer overflow with codebook.dim zero
value (LP: #232150)
- debian/patches/CVE-2008-1423+CVE-2008-1419.patch: make sure value of
codebook.dim is not zero in lib/codebook.c
- CVE-2008-1419
* SECURITY UPDATE: code execution via heap overflow in residue partition
value (LP: #232150)
- debian/patches/CVE-2008-1420.patch: verify the phrasebook is not
specifying an impossible or inconsistent partitioning scheme in
lib/res0.c
- CVE-2008-1420
* SECURITY UPDATE: code execution via heap overflow in a quantvals and
quantlist calculation (LP: #232150)
- debian/patches/CVE-2008-1423+CVE-2008-1419.patch: add check for
absurdly huge codebooks in lib/codebook.c
- CVE-2008-1423
-- Marc Deslauriers <email address hidden> Wed, 26 Nov 2008 10:20:38 -0500