-
flac (1.3.1-1ubuntu1) vivid; urgency=medium
* Fix symbols file for 32bit architectures. LP: #1409483.
-- Matthias Klose <email address hidden> Wed, 04 Mar 2015 15:28:13 +0100
-
flac (1.3.1-1) experimental; urgency=medium
[ Jackson Doak ]
* Disable silent rules
* Enable hardening
* Add symbols files
[ Fabian Greffrath ]
* Adapt debian/watch file to reflect actual upstream versioning scheme.
* Imported Upstream version 1.3.1
+ Fixes CVE-2014-8962 and CVE-2014-9028 (Closes: #770918).
+ Support for 3DNOW! optimizations has been removed.
+ Localized RU documentation has been removed.
* Drop patches applied upstream.
* Backport patch from upstream GIT to fix another input validation bug.
* Fix "privacy-breach-logo" and "privacy-breach-w3c-valid-html"
lintian errors.
* In debian/rules, remove the "override_dh_makeshlibs" rule
for the symbols files to have effect.
* Update, improve and convert debian/copyright to machine-readable format.
* Bump Standards-Version to 3.9.6.
-- Fabian Greffrath <email address hidden> Mon, 01 Dec 2014 18:32:57 +0100
-
flac (1.3.0-3) unstable; urgency=high
* Fixes for CVE-2014-8962 and CVE-2014-9028:
+ Backport three patches from upstream GIT repository:
- CVE-2014-8962.patch: Fix a buffer read overflow.
- CVE-2014-9028.patch: Avoid a heap overflow.
- CVE-2014-9028-2.patch: Avoid a heap overflow. Closely related to
the former fix, but strictly speaking not the same vulnerability.
+ Closes: #770918.
+ Thanks Erik de Castro Lopo for the bug report and the upstream fixes!
-- Fabian Greffrath <email address hidden> Thu, 27 Nov 2014 16:52:51 +0100
-
flac (1.3.0-2ubuntu1) vivid; urgency=medium
* SECURITY UPDATE: arbitrary code execution via crafted .flac file
- debian/patches/CVE-2014-8962.patch: validate id in
src/libFLAC/stream_decoder.c.
- CVE-2014-8962
* SECURITY UPDATE: arbitrary code execution via crafted .flac file
- debian/patches/CVE-2014-9028.patch: error out to avoid heap overflow
in src/libFLAC/stream_decoder.c.
- CVE-2014-9028
-- Marc Deslauriers <email address hidden> Thu, 27 Nov 2014 12:21:50 -0500
-
flac (1.3.0-2) unstable; urgency=low
[ Reinhard Tartler ]
* switch to xz compression
* Bump standards version (no changes)
[ Fabian Greffrath ]
* Add -lflac to flac++'s pkg-config file (Closes: #713645);
thanks Sebastian Ramacher.
-- Fabian Greffrath <email address hidden> Tue, 03 Sep 2013 21:38:39 +0200