-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Fri, 12 Nov 2010 08:44:13 +0100 Source: libvpx Binary: libvpx-dev libvpx0 libvpx0-dbg libvpx-doc Architecture: source all amd64 Version: 0.9.1-2 Distribution: unstable Urgency: high Maintainer: Sebastian Dröge <slomo@debian.org> Changed-By: Sebastian Dröge <slomo@debian.org> Description: libvpx-dev - VP8 video codec (development files) libvpx-doc - VP8 video codec (API documentation) libvpx0 - VP8 video codec (shared library) libvpx0-dbg - VP8 video codec (debugging symbols) Closes: 602693 Changes: libvpx (0.9.1-2) unstable; urgency=high . * debian/patches/900_CVE-2010-4203.patch: + SECURITY CVE-2010-4203: Fix heap memory corruption which could lead to denial of service or possibly execution of arbitrary code. Properly validate frame size and partition sizes (Closes: #602693). This patch contains two upstream commits, adjusted to work with libvpx 0.9.1. It is fixed upstream in 0.9.5. Checksums-Sha1: 383f3c3207a513b7c4cf5ad9502b2cb1a1631087 1155 libvpx_0.9.1-2.dsc 310ede953d0d74de67b49b68767e5faee6157727 10830 libvpx_0.9.1-2.debian.tar.gz 2962cb9dcf4ff008a3a7c8fe9f726d2d93917df4 233540 libvpx-doc_0.9.1-2_all.deb 2d2c1136acbf6dcb6be2e9ec654b81ab50adf683 301834 libvpx-dev_0.9.1-2_amd64.deb 8a5d80d0f7238f76830ddba26669ad0f816164e9 232060 libvpx0_0.9.1-2_amd64.deb c799da3b3edc9ceeb415ada2ca10666be22345b1 488872 libvpx0-dbg_0.9.1-2_amd64.deb Checksums-Sha256: f0411465ba821299ca21d3614b156caad495527b8bc4ffd9c15569cce338082f 1155 libvpx_0.9.1-2.dsc aa02e1e4b4ac7e7d493ca6d16134e9ab0b37a5e3d7b629a6a76c3d2489b06d40 10830 libvpx_0.9.1-2.debian.tar.gz 3017352a7c6c6c4c7f9b263b815361326abedd604c87e870c5c7538499dbc978 233540 libvpx-doc_0.9.1-2_all.deb 50f153a2aa0b50428ae8102f06c4fa3b5a1dac029ca299073bb0700702454e2e 301834 libvpx-dev_0.9.1-2_amd64.deb b7aae8a93cef188bb139aa2e40f09b4bf356bbf4981591ef753fdb06227b72bd 232060 libvpx0_0.9.1-2_amd64.deb 71804a61349ea7941e783241185fb2a8fe07cddf624903b36b53377c66c3bd9f 488872 libvpx0-dbg_0.9.1-2_amd64.deb Files: 76d08b244425e2f4b7a4913f63821a6c 1155 video optional libvpx_0.9.1-2.dsc 8c61c8ec740baf53ea90145d14dde4a6 10830 video optional libvpx_0.9.1-2.debian.tar.gz 659a7c0ccf281a544c56c1891fc2a0aa 233540 doc optional libvpx-doc_0.9.1-2_all.deb 69b4851184716c7cdcbafc15d96f390c 301834 libdevel optional libvpx-dev_0.9.1-2_amd64.deb d0041d740a98a4abe815a8ab648dde0c 232060 libs optional libvpx0_0.9.1-2_amd64.deb c2b393af2a5a9ca76e5a36214b92f369 488872 debug extra libvpx0-dbg_0.9.1-2_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAkzc+TcACgkQBsBdh1vkHyFAkQCdGsIkwzypzTOitzxvJt3h29S+ KYYAoKH5tQQ5m3Plrc5aC/+DJFbXDn2V =ZtVc -----END PGP SIGNATURE----- Accepted: libvpx-dev_0.9.1-2_amd64.deb to main/libv/libvpx/libvpx-dev_0.9.1-2_amd64.deb libvpx-doc_0.9.1-2_all.deb to main/libv/libvpx/libvpx-doc_0.9.1-2_all.deb libvpx0-dbg_0.9.1-2_amd64.deb to main/libv/libvpx/libvpx0-dbg_0.9.1-2_amd64.deb libvpx0_0.9.1-2_amd64.deb to main/libv/libvpx/libvpx0_0.9.1-2_amd64.deb libvpx_0.9.1-2.debian.tar.gz to main/libv/libvpx/libvpx_0.9.1-2.debian.tar.gz libvpx_0.9.1-2.dsc to main/libv/libvpx/libvpx_0.9.1-2.dsc
