-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 27 Nov 2019 19:03:02 +0100 Source: libvorbis Binary: libvorbis0a libvorbisenc2 libvorbisfile3 libvorbis-dev libvorbis-dbg Architecture: source amd64 Version: 1.3.4-2+deb8u2 Distribution: jessie-security Urgency: high Maintainer: Debian Xiph.org Maintainers <pkg-xiph-maint@lists.alioth.debian.org> Changed-By: Thorsten Alteholz <debian@alteholz.de> Description: libvorbis-dbg - debug files for Vorbis General Audio Compression Codec libvorbis-dev - development files for Vorbis General Audio Compression Codec libvorbis0a - decoder library for Vorbis General Audio Compression Codec libvorbisenc2 - encoder library for Vorbis General Audio Compression Codec libvorbisfile3 - high-level API for Vorbis General Audio Compression Codec Changes: libvorbis (1.3.4-2+deb8u2) jessie-security; urgency=high . * Non-maintainer upload by the ELTS Team. * CVE-2017-14160, CVE-2018-10393 Improve bound checking for very low sample rates. * CVE-2018-10392 Not validating the number of channels allows a remote attacker to cause a denial of service. Checksums-Sha1: 781b30648480d451e8fccf60c85e275a9a5f2af8 2459 libvorbis_1.3.4-2+deb8u2.dsc 1602716c187593ffe4302124535240cec2079df3 1632091 libvorbis_1.3.4.orig.tar.gz 90a74b15416dc67317287c7b3d76f03ad0d999e0 13108 libvorbis_1.3.4-2+deb8u2.debian.tar.xz e67e78b3ef623b49d6789353bec6586207ccbb47 92840 libvorbis0a_1.3.4-2+deb8u2_amd64.deb ea340164de8b05fe360654e5621bf2c37ef7284a 78164 libvorbisenc2_1.3.4-2+deb8u2_amd64.deb 52a5965a1f4f1f80a58e4761c352527df719dd37 23936 libvorbisfile3_1.3.4-2+deb8u2_amd64.deb 9a14ecf3c5354c7256071658d635fb10d49ab5e8 347180 libvorbis-dev_1.3.4-2+deb8u2_amd64.deb cfc9491ab5d5305a5bafe98f75f5e41435f89e0f 229920 libvorbis-dbg_1.3.4-2+deb8u2_amd64.deb Checksums-Sha256: e85105d281d99e1608e86c0d7351c7a55749abbd9b6dd43eadacdb91683c6e00 2459 libvorbis_1.3.4-2+deb8u2.dsc eee09a0a13ec38662ff949168fe897a25d2526529bc7e805305f381c219a1ecb 1632091 libvorbis_1.3.4.orig.tar.gz b85a288be6c396346ede3a641c5ebf1e229b2a8072f79f3e7cb8dbf177a43e99 13108 libvorbis_1.3.4-2+deb8u2.debian.tar.xz 56ea7fbac24db978a13d162eb0496aab1373a0fea35c57a46db44ed6312465bb 92840 libvorbis0a_1.3.4-2+deb8u2_amd64.deb 864c5d31d0c71f4c9774ac79c434e541b956dc5b5793720f1e2cc46b54c33a7d 78164 libvorbisenc2_1.3.4-2+deb8u2_amd64.deb 811836c1ed91dd6ec5c040e94656846bf36ab4bd68e520a85e7dce9ade29e4ad 23936 libvorbisfile3_1.3.4-2+deb8u2_amd64.deb bb6af67145f4999b0e114ef79c71cf383954cafb2766315053893f1e3ca72c16 347180 libvorbis-dev_1.3.4-2+deb8u2_amd64.deb 539c3e1b0f51c5c5d835bc6d6f5a56c3e7a9a22b50b6b119ee3815b6005f2607 229920 libvorbis-dbg_1.3.4-2+deb8u2_amd64.deb Files: a5dc9210b92347c4b6f338012739aba4 2459 libs optional libvorbis_1.3.4-2+deb8u2.dsc 8851c593a52d1ef9c526d95174873852 1632091 libs optional libvorbis_1.3.4.orig.tar.gz 67c54d3d2e36f3aba60c121fcf3adba0 13108 libs optional libvorbis_1.3.4-2+deb8u2.debian.tar.xz a881efdc1c62a2bcb5041272149cc626 92840 libs optional libvorbis0a_1.3.4-2+deb8u2_amd64.deb 2d7269c4e768826d4562ad2e1d021cdd 78164 libs optional libvorbisenc2_1.3.4-2+deb8u2_amd64.deb 8a1fc786adaf4accb0618b6068a650ae 23936 libs optional libvorbisfile3_1.3.4-2+deb8u2_amd64.deb 293206fddf567ca58686c4e43d9e8ff6 347180 libdevel optional libvorbis-dev_1.3.4-2+deb8u2_amd64.deb 4c9b3265520e81fb320130eb6db7ef90 229920 debug extra libvorbis-dbg_1.3.4-2+deb8u2_amd64.deb -----BEGIN PGP SIGNATURE----- iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl3eyKtfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh bHRlaG9sei5kZQAKCRCW/KwNOHtYR5X+D/9aAmWb9sUXq9fq2/Hz1k5wa+OcR+ev J5ZqOtyhFEXOeoS+FTs6OLtYDgfoSogPmXHGLb4niTrFEYgp4fPCM1QJJbhFrmsq yYrodY6TAAzwYRHClyy4q93jooyPLMjgLcIdWMF4NcMaVnCi3+N8o8kOAggpH6is ElH84AcHz7q55w2N2GSJsGTahj5YCCyCljHaKm0Shlgpqo0UnwEW4Dmiiicc9TPp 68Ev/grugXuu9nhIOWlGf8XGx3JZVyRjhdRG7p2mRXLe9FpX13oRoxu/I4bprO6c yO70k8M0Cm2IJeH/D7lBDR8S83WlDyTvNPgQGnVSJnMLyCJYi21dtM9pFptBziPD hFSvlc7RPj27ceU/Mq+kji7a1faBoHWJwaUYFFALC1iMXgSp2NcHHk8Lz8EnxCTr 5+/ik6We1lPsxnfY5d9qNr/Ja0pYUTXZkPfVbdh2Qx5be0DSYrA9A2bMQQQILEcK R4cWAydnBaJSr6aSZiLeb+aJopeKllNIEukW5w1rXrp6B6GQC61uwTjZ0/IjV1lr +Sv6h0VDbg1MgWLrByyokU4k+h6SSuP57gFqXynF1YCFvi1qGXnIYGgMixBPkrEC ui9hYXlCEatuP/bYM7olk4XsbQhoYjASL021MestVbaY9mnKNaYbvExd/cfgmw7a rBmD6rzUk224yg== =gPaF -----END PGP SIGNATURE-----
