Format: 1.7 Date: Wed, 26 Nov 2008 10:24:19 -0500 Source: libvorbis Binary: libvorbis0a libvorbisenc2 libvorbisfile3 libvorbis-dev Architecture: lpia Version: 1.2.0.dfsg-2ubuntu0.1 Distribution: hardy Urgency: low Maintainer: Ubuntu/lpia Build Daemon Changed-By: Marc Deslauriers Description: libvorbis-dev - The Vorbis General Audio Compression Codec (development files) libvorbis0a - The Vorbis General Audio Compression Codec libvorbisenc2 - The Vorbis General Audio Compression Codec libvorbisfile3 - The Vorbis General Audio Compression Codec Launchpad-Bugs-Fixed: 232150 232150 232150 Changes: libvorbis (1.2.0.dfsg-2ubuntu0.1) hardy-security; urgency=low . * SECURITY UPDATE: crash or integer overflow with codebook.dim zero value (LP: #232150) - debian/patches/CVE-2008-1423+CVE-2008-1419.patch: make sure value of codebook.dim is not zero in lib/codebook.c - CVE-2008-1419 * SECURITY UPDATE: code execution via heap overflow in residue partition value (LP: #232150) - debian/patches/CVE-2008-1420.patch: verify the phrasebook is not specifying an impossible or inconsistent partitioning scheme in lib/res0.c - CVE-2008-1420 * SECURITY UPDATE: code execution via heap overflow in a quantvals and quantlist calculation (LP: #232150) - debian/patches/CVE-2008-1423+CVE-2008-1419.patch: add check for absurdly huge codebooks in lib/codebook.c - CVE-2008-1423 Files: af5d515bb4159f811df31789606cf6fa 99072 libs optional libvorbis0a_1.2.0.dfsg-2ubuntu0.1_lpia.deb 39f582ff09a3e43c6690ece11c1272de 76154 libs optional libvorbisenc2_1.2.0.dfsg-2ubuntu0.1_lpia.deb 2482fd35cdcfaf93af997a11f2277859 19778 libs optional libvorbisfile3_1.2.0.dfsg-2ubuntu0.1_lpia.deb 6b6c65e2e8a4883c567723a31c970909 457272 libdevel optional libvorbis-dev_1.2.0.dfsg-2ubuntu0.1_lpia.deb Original-Maintainer: Debian Xiph.org Maintainers