Ubuntu
libvorbis package

Change logs for libvorbis source package in Xenial

  1. Xenial (16.04)
  2. Change log 
  • libvorbis (1.3.5-3ubuntu0.2) xenial-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds write in codebook decoding
    - debian/patches/CVE-2018-5146.patch: fix codebook decoding in
      lib/codebook.c.
    - CVE-2018-5146

 -- Marc Deslauriers <email address hidden>  Wed, 21 Mar 2018 13:53:29 -0400
  • libvorbis (1.3.5-3ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Remote code execution
    - debian/patches/CVE-2017-14632.patch: don't clear opb in
      lib/info.c.
    - CVE-2017-14632
  * SECURITY UPDATE: out-of-bounds array read
    - debian/patches/CVE-2017-14633.patch: don't allow for more than
      256 channels in lib/info.c.
    - CVE-2017-14633

 -- <email address hidden> (Leonidas S. Barbosa)  Tue, 13 Feb 2018 13:21:29 -0300
  • libvorbis (1.3.5-3) unstable; urgency=medium

  * Replace Peter Samuelson with Ralph Giles as uploader.  Thank you
    Peter for all past work.
  * Fix autopkgtest script by redirecting stderr to log file.
  * Add new autopkgtest script test-coupling-segfault to detect if
    bug #772877 is present.

 -- Petter Reinholdtsen <email address hidden>  Thu, 11 Feb 2016 20:08:19 +0100
  • libvorbis (1.3.5-2) unstable; urgency=medium

  * Add build-essential to the list of autopkgtest dependencies to get gcc.

 -- Petter Reinholdtsen <email address hidden>  Sun, 07 Feb 2016 10:26:56 +0000
  • libvorbis (1.3.5-1) unstable; urgency=low

  [ Martin Steghöfer ]
  * New upstream version 1.3.5. (Closes: #798960)

  [ Petter Reinholdtsen ]
  * Added simple autopkgtest script running the examples.

 -- Petter Reinholdtsen <email address hidden>  Sat, 06 Feb 2016 13:17:12 +0000
  • libvorbis (1.3.4-3) unstable; urgency=low

  [ Martin Steghöfer ]
  * Fix crash on corrupt input file (invalid mode index). (Closes: #774516)
  * Take into account error codes returned from
    "vorbis_packet_blocksize" in "_initial_pcmoffset" (follow-up
    problem related to #774516).  Thanks to Timothy B. Terriberry
  * Fix segmentation fault on two subsequent seeks to 0. (Closes: #782831)

  [ Petter Reinholdtsen ]
  * Add debian/gbp.conf to enforce the user of pristine-tar.

 -- Petter Reinholdtsen <email address hidden>  Tue, 22 Sep 2015 14:30:24 +0200
  • libvorbis (1.3.4-2) unstable; urgency=low


  [ Martin Steghöfer ]
  * Add sampling rate sanity check to avoid invalid memory access.
    (Closes: #716613)

 -- Petter Reinholdtsen <email address hidden>  Mon, 03 Nov 2014 09:08:25 +0100