Back to libvorbis PTS page

Accepted libvorbis 1.3.6-1 (source) into unstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 22 Mar 2018 08:22:56 +0100
Source: libvorbis
Binary: libvorbis0a libvorbisenc2 libvorbisfile3 libvorbis-dev
Architecture: source
Version: 1.3.6-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Xiph.org Maintainers <pkg-xiph-maint@lists.alioth.debian.org>
Changed-By: Petter Reinholdtsen <pere@debian.org>
Description:
 libvorbis-dev - development files for Vorbis General Audio Compression Codec
 libvorbis0a - decoder library for Vorbis General Audio Compression Codec
 libvorbisenc2 - encoder library for Vorbis General Audio Compression Codec
 libvorbisfile3 - high-level API for Vorbis General Audio Compression Codec
Closes: 870341
Changes:
 libvorbis (1.3.6-1) unstable; urgency=medium
 .
   * Add more used CPE strings to d/upstream/metadata.
   * Fix typo in patch description.  Thanks lintian.
   * Updated Standards-Version from 3.9.8 to 4.1.3.
   * Changed debhelper compat level from 9 to  10.
   * Remove no longer needed Testsuite header from d/control.
   * Drop binary package libvorbis-dbg.  Use automatically generated dbgsym
     package instead.
   * New upstream version 1.3.6.
     - Fixes CVE-2018-5146 - out-of-bounds write on codebook decoding.
     - Fixes CVE-2017-14632 - free() on uninitialized data
     - Fixes CVE-2017-14633/CVE-2017-14633 - out-of-bounds read (Closes: 870341)
     - Removed obsolete patches
       CVE-2017-14633-Don-t-allow-for-more-than-256-channels.patch,
       CVE-2017-14632-vorbis_analysis_header_out-Don-t-clear-opb.patch and
       CVE-2018-5146-Prevent-out-of-bounds-write-in-codeboo.patch.
Checksums-Sha1:
 90428057f024c9f6ffe107185537b742d1dfca80 2329 libvorbis_1.3.6-1.dsc
 91f140c220d1fe3376d637dc5f3d046263784b1f 1634357 libvorbis_1.3.6.orig.tar.gz
 cedc150c18f4cf8f7b30daa3d166b9ea3ac78398 10908 libvorbis_1.3.6-1.debian.tar.xz
 a07095869b222e5169df39a84963687cffad198b 6398 libvorbis_1.3.6-1_source.buildinfo
Checksums-Sha256:
 b79f5142a86459692e7aaa640f502e0498f0a800c9eb4034474b5ed555d22479 2329 libvorbis_1.3.6-1.dsc
 6ed40e0241089a42c48604dc00e362beee00036af2d8b3f46338031c9e0351cb 1634357 libvorbis_1.3.6.orig.tar.gz
 07b50db2f54af6e05977ae07e553d2315ba1208b59e3b6a9880b7a802aa74538 10908 libvorbis_1.3.6-1.debian.tar.xz
 0ce8dc330ea5c115f885b9beb9dbae1baacb3372e39bec45d42af9dfc9230a52 6398 libvorbis_1.3.6-1_source.buildinfo
Files:
 5aa42961f060be5ecf28e525e09d138b 2329 libs optional libvorbis_1.3.6-1.dsc
 d3190649b26572d44cd1e4f553943b31 1634357 libs optional libvorbis_1.3.6.orig.tar.gz
 717537b0865e5f7cdffaacf42fa9d4b8 10908 libs optional libvorbis_1.3.6-1.debian.tar.xz
 990d25f3aad1126ffd329055c1deb41e 6398 libs optional libvorbis_1.3.6-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEERqLf4owIeylOb9kkgSgKoIe6+w4FAlqzWxIACgkQgSgKoIe6
+w7JbQ//XT1104gu0P59VvwkgVAJnr10I+tJN/pBj8qKaiz6e1sRO1i5s0DkYmuu
SzLxyYW7ZRVM6IpNr6IBcNfSfLycAInK53dZ+hmbLDNkGpLIKV4yUOKiltfpPUGf
YK97tMIOQX6VDl2ImNsGk+uXuc1Ms1rjrEjBFVMpVFvCVcIxivHDIG8Hiuyd51SG
rFiUBImWngC95mDsOfRlylSU8OFNVeBqnHDGHqcKrCmkVfbaS1b1bq+agSdlyMJG
nd561wimGyLXl+3AMbUBC8Vge5zuVII80zw+pawRUaSUOsm8q2fxhyPcRsFNarui
0T5KNNjb58mmmM4BDE6Qce4pwBweY92I01Kp5uVy6ajMjlWzaz0BsV6ZapqK216f
M01Z75ddueWeuSlDPYitXBn27ZJOSIznSrHLuslCEYrR1xrXkKmsy1kL9I0zdtz5
dpiKuNjfeEVPv7U5G25FG1kCuAPcu1k/J5gJdPupM8Lg/tepZ8fwW6VKseLssBJ9
HkRQqi1a+CBLWZVjjGLr2i1gAlGXtmQCuXzMzg9VIRP8F0SRE8Yo3MMZ5JmIx5v1
rThAxWNic1ZhcSLiEY5U3G9lbCKghYrywDMBJ0qA9UytR+CczSLZGKZtILKilTJk
/JSkugL0kEp5Olg02tIDVWU4HbHuw+VlGFDACdlernYoh7aT0oY=
=xntX
-----END PGP SIGNATURE-----