Debian Package Tracker

From: Thorsten Alteholz <debian@alteholz.de>
To: <dispatch@tracker.debian.org> , <debian-lts-changes@lists.debian.org>
Subject: Accepted libvorbis 1.3.4-2+deb8u3 (source amd64) into oldoldstable
Date: Tue, 17 Dec 2019 16:20:23 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 17 Dec 2019 16:03:02 +0100
Source: libvorbis
Binary: libvorbis0a libvorbisenc2 libvorbisfile3 libvorbis-dev libvorbis-dbg
Architecture: source amd64
Version: 1.3.4-2+deb8u3
Distribution: jessie-security
Urgency: high
Maintainer: Debian Xiph.org Maintainers <pkg-xiph-maint@lists.alioth.debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description:
 libvorbis-dbg - debug files for Vorbis General Audio Compression Codec
 libvorbis-dev - development files for Vorbis General Audio Compression Codec
 libvorbis0a - decoder library for Vorbis General Audio Compression Codec
 libvorbisenc2 - encoder library for Vorbis General Audio Compression Codec
 libvorbisfile3 - high-level API for Vorbis General Audio Compression Codec
Changes:
 libvorbis (1.3.4-2+deb8u3) jessie-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2017-14633, CVE-2017-11333
     An out-of-bounds array read vulnerability exists in the function
     mapping0_forward() in mapping0.c, which may lead to DoS when
     operating on a crafted audio file with vorbis_analysis_headerout()
     from lib/block.c.
Checksums-Sha1:
 72f5a6df110ad40f701acb36182ff52d323bb345 2459 libvorbis_1.3.4-2+deb8u3.dsc
 1602716c187593ffe4302124535240cec2079df3 1632091 libvorbis_1.3.4.orig.tar.gz
 e77c09cbfe75fcc7bc7a26d924be80eaccb5e2ba 13736 libvorbis_1.3.4-2+deb8u3.debian.tar.xz
 d590449f1e00711e83523625604b4e18530ea0cf 92756 libvorbis0a_1.3.4-2+deb8u3_amd64.deb
 9ac7ee862503305bb951761e04367abab6be9a40 78326 libvorbisenc2_1.3.4-2+deb8u3_amd64.deb
 3c59c641b5bf56213b6c60f333a1c59ed3823000 24070 libvorbisfile3_1.3.4-2+deb8u3_amd64.deb
 b8ced77d9011dd61a9ac6280cde3a89e47b3eb2d 348034 libvorbis-dev_1.3.4-2+deb8u3_amd64.deb
 41d0624499b99d9bf911dd4bc054d84ae17b19ab 229810 libvorbis-dbg_1.3.4-2+deb8u3_amd64.deb
Checksums-Sha256:
 33292df04151efb9398f3562ac101a0b7e616c644cd948f8aa289c0e1e1ee339 2459 libvorbis_1.3.4-2+deb8u3.dsc
 eee09a0a13ec38662ff949168fe897a25d2526529bc7e805305f381c219a1ecb 1632091 libvorbis_1.3.4.orig.tar.gz
 bf1d01b39700408036cc944805e0c66f2f63f4fd0ea040f9b0c0507ddf06e208 13736 libvorbis_1.3.4-2+deb8u3.debian.tar.xz
 9701d8b6ed48783fa0c1bd480dd1afc8e6029727473c34e4786cfdec17b8d87e 92756 libvorbis0a_1.3.4-2+deb8u3_amd64.deb
 571dc6a1c9c66a2047126709ff5d2c5827e02181d17dcc3fc7a7277f65feeaf8 78326 libvorbisenc2_1.3.4-2+deb8u3_amd64.deb
 262ecac361f5e0b3f9833e6cad897272fad8930be29d0a983457ee5266135bbe 24070 libvorbisfile3_1.3.4-2+deb8u3_amd64.deb
 2f8e3e2d87b82bd2e41f5d0708950154c7687ac7623b2b3ee5ff7ed1ff66c72e 348034 libvorbis-dev_1.3.4-2+deb8u3_amd64.deb
 23ffde89738872e856381cd1eab1b030dc79add336a73a0865f358d6e967c4dd 229810 libvorbis-dbg_1.3.4-2+deb8u3_amd64.deb
Files:
 6ba53de5046c81e007b751a1b16a2d22 2459 libs optional libvorbis_1.3.4-2+deb8u3.dsc
 8851c593a52d1ef9c526d95174873852 1632091 libs optional libvorbis_1.3.4.orig.tar.gz
 5e2fcf8a597f9472c0e8b591afd72e23 13736 libs optional libvorbis_1.3.4-2+deb8u3.debian.tar.xz
 a08dd6562a00b8864988772876774459 92756 libs optional libvorbis0a_1.3.4-2+deb8u3_amd64.deb
 46c32affb26c8526c0afd4efa8658631 78326 libs optional libvorbisenc2_1.3.4-2+deb8u3_amd64.deb
 1ee3112979fef6d98fd3b9fbb015ae46 24070 libs optional libvorbisfile3_1.3.4-2+deb8u3_amd64.deb
 51228dac2109c67fb1261ac75d1ca49d 348034 libdevel optional libvorbis-dev_1.3.4-2+deb8u3_amd64.deb
 2ca0cdcc1eac7036037d638871fdf3fc 229810 debug extra libvorbis-dbg_1.3.4-2+deb8u3_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl34/JVfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh
bHRlaG9sei5kZQAKCRCW/KwNOHtYRx4qEACHKoeSdG6zgTPX7roWyXPW0GLCGTw0
62gDYoz/L8fGbbhs3TM5BO/xUsZRFIlXPsewAqT1WsxTeqepZV3bsJSQpPROA4ts
0jgpDqyo/LSjCVTjqjLOVJs2KwSta8orEtsUsngcMLotquF1CwWV8eYN2JZf1yRM
z1q3vbR7dY7zkoMy0qZFpeVNlT2q16FVJN96jK2wJUIMnzcaEjzHQPn1p9oXtDHt
LRdF7re1y/SKOsIjGO2EQloL850ljuxLcVkPimwg+Lnk57t8AXmzAcB5Gal7XdJk
DNXTv6ib5xoJOu+DJ7TmdSWPtLdO/oVwvOfCn0sgPZuk+LCMSIVgkYjO9hi2qiSd
9Vlnh01wtsleLJcJHW6zbTdDlBBdW5b8XFIF1Sy3rDWdZSSZPB7KxLXR3aVRJACE
aH3Yg5R/TzQ/npEk+e2rIHzDS9+1xpWvU5LbKaNHigXIIZUk+dnyHMi8bkshp/09
ke/Vp80j6IPj1rh7HsM7law6w04SY9KIrMhr8WDDNxDcJmn1nSvZ/9IzARdqivHR
zDjc2O2DAAmf3AVQG42MLr6rsqeRr3t1oYwRXbWhPIzlckgwzdiN2LDrC5eEusD1
yW8lVpRJJ1mk7tProji46OWKfyInNpUUBX/uWWmpQN5fABVqf2DuuKlwCyRu+lY5
z5o+3wUs6O/jHw==
=79g2
-----END PGP SIGNATURE-----
News for package libvorbis
