Format: 1.7
Date: Wed, 26 Nov 2008 10:24:19 -0500
Source: libvorbis
Binary: libvorbis0a libvorbisenc2 libvorbisfile3 libvorbis-dev
Architecture: hppa
Version: 1.2.0.dfsg-2ubuntu0.1
Distribution: hardy
Urgency: low
Maintainer: Ubuntu/hppa Build Daemon <buildd@primero.buildd>
Changed-By: Marc Deslauriers <marcdeslauriers@videotron.ca>
Description: 
 libvorbis-dev - The Vorbis General Audio Compression Codec (development files)
 libvorbis0a - The Vorbis General Audio Compression Codec
 libvorbisenc2 - The Vorbis General Audio Compression Codec
 libvorbisfile3 - The Vorbis General Audio Compression Codec
Launchpad-Bugs-Fixed: 232150 232150 232150
Changes: 
 libvorbis (1.2.0.dfsg-2ubuntu0.1) hardy-security; urgency=low
 .
   * SECURITY UPDATE: crash or integer overflow with codebook.dim zero
     value (LP: #232150)
     - debian/patches/CVE-2008-1423+CVE-2008-1419.patch: make sure value of
       codebook.dim is not zero in lib/codebook.c
     - CVE-2008-1419
   * SECURITY UPDATE: code execution via heap overflow in residue partition
     value (LP: #232150)
     - debian/patches/CVE-2008-1420.patch: verify the phrasebook is not
       specifying an impossible or inconsistent partitioning scheme in
       lib/res0.c
     - CVE-2008-1420
   * SECURITY UPDATE: code execution via heap overflow in a quantvals and
     quantlist calculation  (LP: #232150)
     - debian/patches/CVE-2008-1423+CVE-2008-1419.patch: add check for
       absurdly huge codebooks in lib/codebook.c
     - CVE-2008-1423
Files: 
 550fb68e803bf60154f40f612b4f4646 108518 libs optional libvorbis0a_1.2.0.dfsg-2ubuntu0.1_hppa.deb
 e70bb917247f3d97a4eb31807e3bdd8a 92824 libs optional libvorbisenc2_1.2.0.dfsg-2ubuntu0.1_hppa.deb
 1cd1242e408ec9d5a2931533c5980e65 22952 libs optional libvorbisfile3_1.2.0.dfsg-2ubuntu0.1_hppa.deb
 dea648568ecfe794108a74872b58b261 487484 libdevel optional libvorbis-dev_1.2.0.dfsg-2ubuntu0.1_hppa.deb
Original-Maintainer: Debian Xiph.org Maintainers <pkg-xiph-maint@lists.alioth.debian.org>