Format: 1.7 Date: Wed, 26 Nov 2008 10:24:19 -0500 Source: libvorbis Binary: libvorbis0a libvorbisenc2 libvorbisfile3 libvorbis-dev Architecture: ia64 Version: 1.2.0.dfsg-2ubuntu0.1 Distribution: hardy Urgency: low Maintainer: Ubuntu/ia64 Build Daemon Changed-By: Marc Deslauriers Description: libvorbis-dev - The Vorbis General Audio Compression Codec (development files) libvorbis0a - The Vorbis General Audio Compression Codec libvorbisenc2 - The Vorbis General Audio Compression Codec libvorbisfile3 - The Vorbis General Audio Compression Codec Launchpad-Bugs-Fixed: 232150 232150 232150 Changes: libvorbis (1.2.0.dfsg-2ubuntu0.1) hardy-security; urgency=low . * SECURITY UPDATE: crash or integer overflow with codebook.dim zero value (LP: #232150) - debian/patches/CVE-2008-1423+CVE-2008-1419.patch: make sure value of codebook.dim is not zero in lib/codebook.c - CVE-2008-1419 * SECURITY UPDATE: code execution via heap overflow in residue partition value (LP: #232150) - debian/patches/CVE-2008-1420.patch: verify the phrasebook is not specifying an impossible or inconsistent partitioning scheme in lib/res0.c - CVE-2008-1420 * SECURITY UPDATE: code execution via heap overflow in a quantvals and quantlist calculation (LP: #232150) - debian/patches/CVE-2008-1423+CVE-2008-1419.patch: add check for absurdly huge codebooks in lib/codebook.c - CVE-2008-1423 Files: 2bf98b87cf028dd26be3698b71dc5b78 138878 libs optional libvorbis0a_1.2.0.dfsg-2ubuntu0.1_ia64.deb bbe2a015579e3cc01ed414922560cad8 98970 libs optional libvorbisenc2_1.2.0.dfsg-2ubuntu0.1_ia64.deb 77a6a6df439bb9e9b9e4e43a2a4330ed 25790 libs optional libvorbisfile3_1.2.0.dfsg-2ubuntu0.1_ia64.deb ced12e7634bbb899cb9400cb42699013 523308 libdevel optional libvorbis-dev_1.2.0.dfsg-2ubuntu0.1_ia64.deb Original-Maintainer: Debian Xiph.org Maintainers