Accepted libmad 0.15.1b-7+deb7u1 (source amd64) into oldoldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 12 May 2018 10:11:05 +0200
Source: libmad
Binary: libmad0 libmad0-dev
Architecture: source amd64
Version: 0.15.1b-7+deb7u1
Distribution: wheezy-security
Urgency: medium
Maintainer: Mad Maintainers <pkg-mad-maintainers@lists.alioth.debian.org>
Changed-By: Emilio Pozuelo Monfort <pochu@debian.org>
Description:
libmad0 - MPEG audio decoder library
libmad0-dev - MPEG audio decoder development library
Closes: 287519
Changes:
libmad (0.15.1b-7+deb7u1) wheezy-security; urgency=medium
.
* Non-maintainer upload by the LTS team.
* Apply Kurt's patches from 0.15.1b-8+deb8u1:
* Properly check the size of the main data. The previous patch
only checked that it could fit in the buffer, but didn't ensure there
was actually enough room free in the buffer. This was assigned both
CVE-2017-8372 and CVE-2017-8373, but they are really the same, just a
different way to detect it. (Closes: #287519)
* Rewrite patch to check the size of buffer. It now checks it before reading
it instead of afterwards checking that we did read too much. This now also
covers parsing the frame and layer3, not just layer 1 and 2. This was
original reported in #508133. CVE-2017-8374 mentions a case in layer 3.
Checksums-Sha1:
7a14c8223e3c3dc864f9978757d0f38b3761280d 1882 libmad_0.15.1b-7+deb7u1.dsc
cac19cd00e1a907f3150cc040ccc077783496d76 502379 libmad_0.15.1b.orig.tar.gz
af6a1d242e5b16272993133d4abfb507060b10e1 255730 libmad_0.15.1b-7+deb7u1.diff.gz
82f561605339e3ae400034bb9eedf3b08ebf93f3 79370 libmad0_0.15.1b-7+deb7u1_amd64.deb
a86bb3f15c9677ef16fe663b94a0e5e02750c1c5 92322 libmad0-dev_0.15.1b-7+deb7u1_amd64.deb
Checksums-Sha256:
1c60338f66c4219ee4725f79d9d7c4a56cb0f8361f2f55d487ba314c541d458e 1882 libmad_0.15.1b-7+deb7u1.dsc
bbfac3ed6bfbc2823d3775ebb931087371e142bb0e9bb1bee51a76a6e0078690 502379 libmad_0.15.1b.orig.tar.gz
61802402a2b7d3a66643e1168b834a00c8f56aa3bcc1fa150423457024d8de81 255730 libmad_0.15.1b-7+deb7u1.diff.gz
11ab6fe0dafe0c04a28876e04b478bfd8b12952daf7930037042822a71c7518f 79370 libmad0_0.15.1b-7+deb7u1_amd64.deb
c24718bfe3a9dc1abe5b4a259880257ad1e97370d9c52a5ffb5c4aaa8887bddf 92322 libmad0-dev_0.15.1b-7+deb7u1_amd64.deb
Files:
597c658d9d94b9eb9d347e19c8dc1ed4 1882 sound optional libmad_0.15.1b-7+deb7u1.dsc
1be543bc30c56fb6bea1d7bf6a64e66c 502379 sound optional libmad_0.15.1b.orig.tar.gz
df25c50a4bba3b0692b0d499c7416466 255730 sound optional libmad_0.15.1b-7+deb7u1.diff.gz
693255f0c22c1d85f9dcd38f01817766 79370 libs optional libmad0_0.15.1b-7+deb7u1_amd64.deb
f3c0bbc11f75139d5e4e6321371a878d 92322 libdevel optional libmad0-dev_0.15.1b-7+deb7u1_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAlr+d44ACgkQnUbEiOQ2
gwINkRAAyqdQtADO+skwlBffWrIHuCnvotYkqtPa8GWFZRHNRBa/Lb5AVbbz4ZBu
MCCHcg1fRTTYEq6K9fofPn92rXprm72+kUb6NU2NXlmdgmYcXSyBxQnmCN8qgl5H
5YtRyZJ6vwZbbhv0nUMU9cv8XQ0vIREn96e2+a9P8PSF9JmQqK2APXIMiafVQS76
TtKSofZjQQfKDooYGxergpURPUTsL25mDB0GCJ5k9Lsjbyv1ywiWaRIoyyySZdvI
BBvh2vBpCYnIqsK75r0XMiAuQDCuVeUEneC3u6zK7FY5/6K4ckbQ64kg2WQQuk9z
M3tZeTDyAYtXWky0Tf3aMrHkmeKZBLjzC2eu54mJ1kcV2pJ4hfv+iOR1JsK0Kij0
qAffrcFGMpDLrO1NlEYXqucYMGUfQE0X7EodVaRlb1qukN+z7Ip+PA36ufN0MaQk
sA90eZc9NOV3Tb9yj6R+irVEntAK+3gjVIbRNMre0nluLhufvKcXLWqGaC1rSnb7
K7l1/MI0M9Ug/iYJ+68g3HGhVgfVJpslvswhpxzlo7zXocM5+AZ0I1wyiIkceaiG
p5X25AVLJsysg3y7RpqwYX1E2qdyoyealaTsCQ1G3YV7YG6YNfbRU16UoqvKucAa
0VChQNCCi7JONjaT7A4JzH9sAg3pwydU+lFSrw7/9oTkowd7aPk=
=04iF
-----END PGP SIGNATURE-----