Accepted libmad 0.15.1b-8+deb9u1 (source amd64) into proposed-updates->stable-new, proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 01 May 2018 13:20:28 +0200
Source: libmad
Binary: libmad0 libmad0-dev
Architecture: source amd64
Version: 0.15.1b-8+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Mad Maintainers <pkg-mad-maintainers@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <kurt@roeckx.be>
Description:
libmad0 - MPEG audio decoder library
libmad0-dev - MPEG audio decoder development library
Closes: 287519
Changes:
libmad (0.15.1b-8+deb9u1) stretch-security; urgency=high
.
* Properly check the size of the main data. The previous patch
only checked that it could fit in the buffer, but didn't ensure there
was actually enough room free in the buffer. This was assigned both
CVE-2017-8372 and CVE-2017-8373, but they are really the same, just a
different way to detect it. (Closes: #287519)
* Rewrite patch to check the size of buffer. It now checks it before reading
it instead of afterwards checking that we did read too much. This now also
covers parsing the frame and layer3, not just layer 1 and 2. This was
original reported in #508133. CVE-2017-8374 mentions a case in layer 3.
Checksums-Sha1:
04cc06ae09edb60f1cda7beaac6a744885b350be 1926 libmad_0.15.1b-8+deb9u1.dsc
cac19cd00e1a907f3150cc040ccc077783496d76 502379 libmad_0.15.1b.orig.tar.gz
12db76295603655c090a5aeae6a5bf8c4bf3b763 13490 libmad_0.15.1b-8+deb9u1.diff.gz
a6408f5bf8842a7247ce5c58a735021e3be91f05 3632 libmad0-dbgsym_0.15.1b-8+deb9u1_amd64.deb
19aa8b3ddd126d72949ca65100f4edf57961342c 78676 libmad0-dev_0.15.1b-8+deb9u1_amd64.deb
8004b2586e618f8a2536521d4c45f2a36198230c 70728 libmad0_0.15.1b-8+deb9u1_amd64.deb
c97af0ebefe028d21ebdc2f316979f96448491be 6336 libmad_0.15.1b-8+deb9u1_amd64.buildinfo
Checksums-Sha256:
022e21d5adaa93adb98b604b5aa444df85f55eb2365d9f26b340976b3ad7ebaa 1926 libmad_0.15.1b-8+deb9u1.dsc
bbfac3ed6bfbc2823d3775ebb931087371e142bb0e9bb1bee51a76a6e0078690 502379 libmad_0.15.1b.orig.tar.gz
e9f0d81cfeea77e3e6b09ff153c65b6a3d5232382e70b7a754c447720d8a12c2 13490 libmad_0.15.1b-8+deb9u1.diff.gz
a49b0025361730de473f837bb709d82effeec0cc0e9dab916fb6027dcfc56de3 3632 libmad0-dbgsym_0.15.1b-8+deb9u1_amd64.deb
da774302b902a5f92f266e92f105adbd5c717846963626e4af71b3d2006aa794 78676 libmad0-dev_0.15.1b-8+deb9u1_amd64.deb
8d3c851119b943be053d67a83701f79d3fa3f14c7bed7458f353a8c366a4be7e 70728 libmad0_0.15.1b-8+deb9u1_amd64.deb
650059267cbc61fe54b13ddb2a346186397a1ab7bf876864e09f8eb2567aeb76 6336 libmad_0.15.1b-8+deb9u1_amd64.buildinfo
Files:
c801fe1e9b8c21055a46ddede164299f 1926 sound optional libmad_0.15.1b-8+deb9u1.dsc
1be543bc30c56fb6bea1d7bf6a64e66c 502379 sound optional libmad_0.15.1b.orig.tar.gz
94a2ba304d0482051e8e18fb5f71cf80 13490 sound optional libmad_0.15.1b-8+deb9u1.diff.gz
9765426c66cba4d3a92012f55ea429c6 3632 debug extra libmad0-dbgsym_0.15.1b-8+deb9u1_amd64.deb
eac4e030d64d45c518676993c657be74 78676 libdevel optional libmad0-dev_0.15.1b-8+deb9u1_amd64.deb
2f210109b458df559e4c1f3577e04455 70728 libs optional libmad0_0.15.1b-8+deb9u1_amd64.deb
4e271c3c7b5ed04a1d9eab24e8f112e0 6336 sound optional libmad_0.15.1b-8+deb9u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEUWHm1ANgDdycoJP748TdzR5MEkQFAlroY8QACgkQ48TdzR5M
EkRGnQ//eLKBX7VIlHBdrGrfe0VpVA280trMVGfR10OYz+OUdQitS7hJjPs/h7qK
Ygocb+zvA3+lS1RlacmGd21aeWU0wUL4g6bc/T6/oVCpH+Erzgwpv1DwYbYstSWl
vGJCSIpsQN5beZJ7rMA7P8++7mjCvr7SaKB6ffsTOG3da2xbZrGOcRBqC35X/nkW
GkkKWSpynEwwhmyK04H3g6c8Ef53humLrb8RGsvZCF0HQi/aXGUDCGoADpjqyV5p
5JBLUj3e+O3+OHWmBNj/fmO+wT8srbWtzkmOWGmVCXL+t1EMJmRnbmGAn1Lims5w
cGyZm1WNVNO7sqDbH8HpKqYnxovTTKe1ftv9TooGAFq5YpZ/oaoUx3OIF30yFHEJ
RV7TWn1SjstClvEkdEXY6eCH4ZYlUs7LBtTP24y7ncdj12FqnwxMg/68ZGItTMcE
FYZEFNgm6MCokfLb2eGpvOl9Z6k+GX2omy0sD7/KJ2myokpwlKRKppU/KLZmoIHX
H8ujTwMsAPeVAwmSI7HnFa6RiLomOLd/3tW5J3D2JfD33/LFyD0kkaWZ7CYdrnkm
fRXt44D/fwu1al3VayiGqizSHJ+cFiY66TmvxPaPz8h2polGOXoCbbuQienc2dVa
mrce5MxjekfMuxGtAsABWH6XFtXgOrQ+FwJBtgrKlJeGetj2WBo=
=N85J
-----END PGP SIGNATURE-----