Back to libmad PTS page

Accepted libmad 0.15.1b-8+deb8u1 (source amd64) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates

To: debian-changes@lists.debian.org
Subject: Accepted libmad 0.15.1b-8+deb8u1 (source amd64) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates
From: Kurt Roeckx <kurt@roeckx.be>
Date: Mon, 07 May 2018 11:35:51 +0000
Mail-followup-to: debian-devel@lists.debian.org
Message-id: <E1fFeQp-000J1p-BI@fasolo.debian.org>
Reply-to: debian-devel@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 01 May 2018 13:20:28 +0200
Source: libmad
Binary: libmad0 libmad0-dev
Architecture: source amd64
Version: 0.15.1b-8+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Mad Maintainers <pkg-mad-maintainers@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <kurt@roeckx.be>
Description:
 libmad0    - MPEG audio decoder library
 libmad0-dev - MPEG audio decoder development library
Closes: 287519
Changes:
 libmad (0.15.1b-8+deb8u1) jessie-security; urgency=high
 .
   * Properly check the size of the main data. The previous patch
     only checked that it could fit in the buffer, but didn't ensure there
     was actually enough room free in the buffer. This was assigned both
     CVE-2017-8372 and CVE-2017-8373, but they are really the same, just a
     different way to detect it. (Closes: #287519)
   * Rewrite patch to check the size of buffer. It now checks it before reading
     it instead of afterwards checking that we did read too much. This now also
     covers parsing the frame and layer3, not just layer 1 and 2. This was
     original reported in #508133. CVE-2017-8374 mentions a case in layer 3.
Checksums-Sha1:
 62c756feea4ab78319f65fad4eed3c659b808440 1926 libmad_0.15.1b-8+deb8u1.dsc
 cac19cd00e1a907f3150cc040ccc077783496d76 502379 libmad_0.15.1b.orig.tar.gz
 b67e223e57dbad575e8850cad7c5ad1c65ae331c 13490 libmad_0.15.1b-8+deb8u1.diff.gz
 d68b13b04d08b96674f1384dd2de15a3defd5ac4 69232 libmad0_0.15.1b-8+deb8u1_amd64.deb
 67c4168412c14ad485d6178b0ba1690ff4876280 78034 libmad0-dev_0.15.1b-8+deb8u1_amd64.deb
Checksums-Sha256:
 989206361a434043439761bc28c2fb78c23f0288ee064214f6bcbba67f9c3141 1926 libmad_0.15.1b-8+deb8u1.dsc
 bbfac3ed6bfbc2823d3775ebb931087371e142bb0e9bb1bee51a76a6e0078690 502379 libmad_0.15.1b.orig.tar.gz
 f5bd15e31442cce502ae593c6ed66b09f97440d4d04690cbc5374e773a02d5d7 13490 libmad_0.15.1b-8+deb8u1.diff.gz
 5071f7777da93fe8c00574775ef436f92a87570e51ee7b9b55ceeaad6e90e6ed 69232 libmad0_0.15.1b-8+deb8u1_amd64.deb
 d93b0831212080e8a6e8f6f7b7cbc058bbdac9fb5d19a63bee725f4272ac5600 78034 libmad0-dev_0.15.1b-8+deb8u1_amd64.deb
Files:
 27814037e7b8fb21927914915badb82b 1926 sound optional libmad_0.15.1b-8+deb8u1.dsc
 1be543bc30c56fb6bea1d7bf6a64e66c 502379 sound optional libmad_0.15.1b.orig.tar.gz
 92978cfeb59a5a45273ac1c9c3c3df79 13490 sound optional libmad_0.15.1b-8+deb8u1.diff.gz
 445590759791e38cbe8c2665099f1780 69232 libs optional libmad0_0.15.1b-8+deb8u1_amd64.deb
 7639b7be551f805c47997827f3dd1573 78034 libdevel optional libmad0-dev_0.15.1b-8+deb8u1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUWHm1ANgDdycoJP748TdzR5MEkQFAlroY5IACgkQ48TdzR5M
EkTOMA//f1oyd7qmJ7cO8TLC8xWPlLvmPTdW+HAywmqq3z+lvSfXqMnYhceyKnCH
RcKAx8/zfFseHPVl7w14CWMEC/+pjKOlp9vD9NhQ3DQphnom4HmqCRhfHUaosPoA
AJNNujXrts5QjvZImGgfFftAWBaVWGs90CiK1iM8lbJV9B/p1g7oWCoOw+fz13OX
Jd3Kx2gf6BAV2aWpY6AezkaBL4PNay5O6P7W4+h7LFsbkg76s7rmbjE5SvWcy2BT
NzKuPqg4zO/Bv3D5ZTb47rllewW/oEfda6Mljv1pY+SHa5PioSiE6C7nyWKz4UFJ
tU9egVQAHOexBWDRZQ4pOeq+WFSiPFBLUU8yClp4MILDCYkKeu6Er+7HCiySiElu
g56HbbUgkzIGdM3eZFtiZKzTFpsV54yyr8h+Z0FNwQwJtKc5ZbVOsZnEN3z9uSQ6
Qe/phw0iYc+iZEFAJZf7oprI0Rf2plbDzofxmv/Dk1wws48y9OoQXFlmFvqV+L94
kfY+Ej3y5WbRZbjHL7Hu/p3Th3611LxEcVJuCf6D4k30ikcvSN1u2QcM8WyUSV2x
O49Mr5P2x751tyqPOFISb9R7WWvRXAnDC05paxrA7FJMnruU4zN6hLHmoXV+6hBx
bLHvl0av9xPvsbR0GSjJLqTW0CFwIq451NwCF23ROuztLy7hh/0=
=EQWZ
-----END PGP SIGNATURE-----