Accepted libmad 0.15.1b-9 (source) into unstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 28 Jan 2018 16:28:46 +0100
Source: libmad
Binary: libmad0 libmad0-dev
Architecture: source
Version: 0.15.1b-9
Distribution: unstable
Urgency: high
Maintainer: Mad Maintainers <pkg-mad-maintainers@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <kurt@roeckx.be>
Description:
 libmad0    - MPEG audio decoder library
 libmad0-dev - MPEG audio decoder development library
Closes: 287519
Changes:
 libmad (0.15.1b-9) unstable; urgency=high
 .
   * Properly check the size of the main data. The previous patch
     only checked that it could fit in the buffer, but didn't ensure there
     was actually enough room free in the buffer. This was assigned both
     CVE-2017-8372 and CVE-2017-8373, but they are really the same, just a
     different way to detect it. (Closes: #287519)
   * Rewrite patch to check the size of buffer. It now checks it before reading
     it instead of afterwards checking that we did read too much. This now also
     covers parsing the frame and layer3, not just layer 1 and 2. This was
     originally reported in #508133. CVE-2017-8374 mentions a case in layer 3.
Checksums-Sha1:
 57cdaf8db3f692fbb3ae676d2ba280c869a6f0f2 1860 libmad_0.15.1b-9.dsc
 0ab6e005cbc0e553d99784b520cd92f93eafc68a 13536 libmad_0.15.1b-9.diff.gz
 c11dc21dc3a20731221e31eb702e70f4bbc61128 6754 libmad_0.15.1b-9_source.buildinfo
Checksums-Sha256:
 4c0e95ae62cb51e2e9d80f47c967a9efbff5846c8076ba0ceddb1006fc6c58de 1860 libmad_0.15.1b-9.dsc
 b538f3f2e1686623f571561949bbd190a398fd6c288badbe81ec28499b9672e3 13536 libmad_0.15.1b-9.diff.gz
 a3251532ddda9fe1895c65ef1eba0acea6eed3436bbbe07233e744a3d8a81663 6754 libmad_0.15.1b-9_source.buildinfo
Files:
 63450fb09c6fa823ba948bc8fd15a866 1860 sound optional libmad_0.15.1b-9.dsc
 0cfc29f958d2b3661c82f260a84fe356 13536 sound optional libmad_0.15.1b-9.diff.gz
 c9a57a8888b9def24a7377caf5454692 6754 sound optional libmad_0.15.1b-9_source.buildinfo

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----