Ubuntu
flac package

Change logs for flac source package in Vivid

  1. Vivid (15.04)
  2. Change log 
  • flac (1.3.1-1ubuntu1) vivid; urgency=medium

  * Fix symbols file for 32bit architectures. LP: #1409483.
 -- Matthias Klose <email address hidden>   Wed, 04 Mar 2015 15:28:13 +0100
  • flac (1.3.1-1) experimental; urgency=medium


  [ Jackson Doak ]
  * Disable silent rules
  * Enable hardening
  * Add symbols files

  [ Fabian Greffrath ]
  * Adapt debian/watch file to reflect actual upstream versioning scheme.
  * Imported Upstream version 1.3.1
    + Fixes CVE-2014-8962 and CVE-2014-9028 (Closes: #770918).
    + Support for 3DNOW! optimizations has been removed.
    + Localized RU documentation has been removed.
  * Drop patches applied upstream.
  * Backport patch from upstream GIT to fix another input validation bug.
  * Fix "privacy-breach-logo" and "privacy-breach-w3c-valid-html"
    lintian errors.
  * In debian/rules, remove the "override_dh_makeshlibs" rule
    for the symbols files to have effect.
  * Update, improve and convert debian/copyright to machine-readable format.
  * Bump Standards-Version to 3.9.6.

 -- Fabian Greffrath <email address hidden>  Mon, 01 Dec 2014 18:32:57 +0100
  • flac (1.3.0-3) unstable; urgency=high


  * Fixes for CVE-2014-8962 and CVE-2014-9028:
    + Backport three patches from upstream GIT repository:
      - CVE-2014-8962.patch: Fix a buffer read overflow.
      - CVE-2014-9028.patch: Avoid a heap overflow.
      - CVE-2014-9028-2.patch: Avoid a heap overflow. Closely related to
        the former fix, but strictly speaking not the same vulnerability.
    + Closes: #770918.
    + Thanks Erik de Castro Lopo for the bug report and the upstream fixes!

 -- Fabian Greffrath <email address hidden>  Thu, 27 Nov 2014 16:52:51 +0100
  • flac (1.3.0-2ubuntu1) vivid; urgency=medium

  * SECURITY UPDATE: arbitrary code execution via crafted .flac file
    - debian/patches/CVE-2014-8962.patch: validate id in
      src/libFLAC/stream_decoder.c.
    - CVE-2014-8962
  * SECURITY UPDATE: arbitrary code execution via crafted .flac file
    - debian/patches/CVE-2014-9028.patch: error out to avoid heap overflow
      in src/libFLAC/stream_decoder.c.
    - CVE-2014-9028
 -- Marc Deslauriers <email address hidden>   Thu, 27 Nov 2014 12:21:50 -0500
  • flac (1.3.0-2) unstable; urgency=low


  [ Reinhard Tartler ]
  * switch to xz compression
  * Bump standards version (no changes)

  [ Fabian Greffrath ]
  * Add -lflac to flac++'s pkg-config file (Closes: #713645);
    thanks Sebastian Ramacher.

 -- Fabian Greffrath <email address hidden>  Tue, 03 Sep 2013 21:38:39 +0200