Change logs for libvorbis source package in Disco

  • libvorbis (1.3.6-2) unstable; urgency=medium
    
      * Team upload
    
      [ Ondřej Nový ]
      * d/tests: Use AUTOPKGTEST_TMP instead of ADTTMP
      * d/changelog: Remove trailing whitespaces
      * d/control: Remove trailing whitespaces
      * d/control: Set Vcs-* to salsa.debian.org
    
      [ Florian Schlichting ]
      * Set Maintainer address to Debian Multimedia Maintainers (closes: #899590)
      * Cherry-pick two patches from upstream git (closes: #876780):
        + 0003-CVE-2017-14160-fix-bounds-check-on-very-low-sample-r.patch
          (this is also CVE-2018-10393)
        + 0004-Sanity-check-number-of-channels-in-setup.patch (CVE-2018-10392)
      * Use secure URIs for xiph.org
      * Update d/copyright to copyright-format 1.0
      * Bump dh compat to level 12
      * Enable all hardening build flags
      * Add Build-Depends-Package field to symbols files
      * Declare compliance with Debian Policy 4.3.0
      * Drop debian/source.lintian-overrides, it is apparently unused
      * Make lintian happy: "I" is a number here
      * Update debian/tests/test-examples, the examples are no longer gzipped at
        this compat level
      * Add 0005-vorbisenc-detect-if-new-template-is-null.patch from upstream git
        to fix the autopkgtest (closes: #772877)
    
     -- Florian Schlichting <email address hidden>  Mon, 25 Feb 2019 22:02:32 +0100
  • libvorbis (1.3.6-1) unstable; urgency=medium
    
      * Add more used CPE strings to d/upstream/metadata.
      * Fix typo in patch description.  Thanks lintian.
      * Updated Standards-Version from 3.9.8 to 4.1.3.
      * Changed debhelper compat level from 9 to 10.
      * Remove no longer needed Testsuite header from d/control.
      * Drop binary package libvorbis-dbg.  Use automatically generated dbgsym
        package instead.
      * New upstream version 1.3.6.
        - Fixes CVE-2018-5146 - out-of-bounds write on codebook decoding.
        - Fixes CVE-2017-14632 - free() on uninitialized data
        - Fixes CVE-2017-14633/CVE-2017-14633 - out-of-bounds read (Closes: 870341)
        - Removed obsolete patches
          CVE-2017-14633-Don-t-allow-for-more-than-256-channels.patch,
          CVE-2017-14632-vorbis_analysis_header_out-Don-t-clear-opb.patch and
          CVE-2018-5146-Prevent-out-of-bounds-write-in-codeboo.patch.
    
     -- Petter Reinholdtsen <email address hidden>  Thu, 22 Mar 2018 08:22:56 +0100