Accepted libvorbis 1.3.6-1 (source) into unstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 22 Mar 2018 08:22:56 +0100
Source: libvorbis
Binary: libvorbis0a libvorbisenc2 libvorbisfile3 libvorbis-dev
Architecture: source
Version: 1.3.6-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Xiph.org Maintainers <pkg-xiph-maint@lists.alioth.debian.org>
Changed-By: Petter Reinholdtsen <pere@debian.org>
Description:
libvorbis-dev - development files for Vorbis General Audio Compression Codec
libvorbis0a - decoder library for Vorbis General Audio Compression Codec
libvorbisenc2 - encoder library for Vorbis General Audio Compression Codec
libvorbisfile3 - high-level API for Vorbis General Audio Compression Codec
Closes: 870341
Changes:
 libvorbis (1.3.6-1) unstable; urgency=medium
 .
   * Add more used CPE strings to d/upstream/metadata.
   * Fix typo in patch description. Thanks lintian.
   * Updated Standards-Version from 3.9.8 to 4.1.3.
   * Changed debhelper compat level from 9 to 10.
   * Remove no longer needed Testsuite header from d/control.
   * Drop binary package libvorbis-dbg. Use automatically generated dbgsym
     package instead.
   * New upstream version 1.3.6.
     - Fixes CVE-2018-5146 - out-of-bounds write on codebook decoding.
     - Fixes CVE-2017-14632 - free() on uninitialized data
     - Fixes CVE-2017-14633/CVE-2017-14633 - out-of-bounds read (Closes: 870341)
     - Removed obsolete patches
       CVE-2017-14633-Don-t-allow-for-more-than-256-channels.patch,
       CVE-2017-14632-vorbis_analysis_header_out-Don-t-clear-opb.patch and
       CVE-2018-5146-Prevent-out-of-bounds-write-in-codeboo.patch.
Checksums-Sha1:
90428057f024c9f6ffe107185537b742d1dfca80 2329 libvorbis_1.3.6-1.dsc
91f140c220d1fe3376d637dc5f3d046263784b1f 1634357 libvorbis_1.3.6.orig.tar.gz
cedc150c18f4cf8f7b30daa3d166b9ea3ac78398 10908 libvorbis_1.3.6-1.debian.tar.xz
a07095869b222e5169df39a84963687cffad198b 6398 libvorbis_1.3.6-1_source.buildinfo
Checksums-Sha256:
b79f5142a86459692e7aaa640f502e0498f0a800c9eb4034474b5ed555d22479 2329 libvorbis_1.3.6-1.dsc
6ed40e0241089a42c48604dc00e362beee00036af2d8b3f46338031c9e0351cb 1634357 libvorbis_1.3.6.orig.tar.gz
07b50db2f54af6e05977ae07e553d2315ba1208b59e3b6a9880b7a802aa74538 10908 libvorbis_1.3.6-1.debian.tar.xz
0ce8dc330ea5c115f885b9beb9dbae1baacb3372e39bec45d42af9dfc9230a52 6398 libvorbis_1.3.6-1_source.buildinfo
Files:
5aa42961f060be5ecf28e525e09d138b 2329 libs optional libvorbis_1.3.6-1.dsc
d3190649b26572d44cd1e4f553943b31 1634357 libs optional libvorbis_1.3.6.orig.tar.gz
717537b0865e5f7cdffaacf42fa9d4b8 10908 libs optional libvorbis_1.3.6-1.debian.tar.xz
990d25f3aad1126ffd329055c1deb41e 6398 libs optional libvorbis_1.3.6-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----