Change logs for libvorbis source package in Cosmic

  • libvorbis (1.3.6-1) unstable; urgency=medium
    
      * Add more used CPE strings to d/upstream/metadata.
      * Fix typo in patch description.  Thanks lintian.
      * Updated Standards-Version from 3.9.8 to 4.1.3.
      * Changed debhelper compat level from 9 to 10.
      * Remove no longer needed Testsuite header from d/control.
      * Drop binary package libvorbis-dbg.  Use automatically generated dbgsym
        package instead.
      * New upstream version 1.3.6.
        - Fixes CVE-2018-5146 - out-of-bounds write on codebook decoding.
        - Fixes CVE-2017-14632 - free() on uninitialized data
        - Fixes CVE-2017-14633/CVE-2017-14633 - out-of-bounds read (Closes: 870341)
        - Removed obsolete patches
          CVE-2017-14633-Don-t-allow-for-more-than-256-channels.patch,
          CVE-2017-14632-vorbis_analysis_header_out-Don-t-clear-opb.patch and
          CVE-2018-5146-Prevent-out-of-bounds-write-in-codeboo.patch.
    
     -- Petter Reinholdtsen <email address hidden>  Thu, 22 Mar 2018 08:22:56 +0100
  • libvorbis (1.3.5-4.2) unstable; urgency=medium
    
      * Non-maintainer upload.
      * Prevent out-of-bounds write in codebook decoding (CVE-2018-5146)
        (Closes: #893130)
    
     -- Salvatore Bonaccorso <email address hidden>  Fri, 16 Mar 2018 22:26:37 +0100