-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Tue, 10 Nov 2009 16:31:18 +0100 Source: libvorbis Binary: libvorbis0a libvorbisenc2 libvorbisfile3 libvorbis-dev Architecture: source i386 Version: 1.2.0.dfsg-3.1+lenny1 Distribution: stable-security Urgency: high Maintainer: Debian Xiph.org Maintainers <pkg-xiph-maint@lists.alioth.debian.org> Changed-By: Giuseppe Iuculano <iuculano@debian.org> Description: libvorbis-dev - The Vorbis General Audio Compression Codec (development files) libvorbis0a - The Vorbis General Audio Compression Codec libvorbisenc2 - The Vorbis General Audio Compression Codec libvorbisfile3 - The Vorbis General Audio Compression Codec Closes: 540958 Changes: libvorbis (1.2.0.dfsg-3.1+lenny1) stable-security; urgency=high . [ Peter Samuelson ] * Fix CVE-2009-2663: two bugs in libvorbis that allowed a crafted ogg file to corrupt memory. (Closes: #540958) . [ Giuseppe Iuculano ] * Fixed CVE-2009-3379: A crafted ogg file could cause an application using libvorbis to crash or, possibly, execute arbitrary code when opened. Checksums-Sha1: 51b35bcff79bfd6281232bbb7f63b8dce345943e 1280 libvorbis_1.2.0.dfsg-3.1+lenny1.dsc fa59ca91a1620df3abe41f0d5cdcfb2431c8a749 1477935 libvorbis_1.2.0.dfsg.orig.tar.gz 24c69d2fb8e1b44e1a94db48a33834179d127149 10323 libvorbis_1.2.0.dfsg-3.1+lenny1.diff.gz 5822e6957d07571b2f422f232d5c05ad90532e17 101822 libvorbis0a_1.2.0.dfsg-3.1+lenny1_i386.deb 9900edd24e5c091ca0e8594e595045f7d860f7e8 77266 libvorbisenc2_1.2.0.dfsg-3.1+lenny1_i386.deb e5d6b8007443819f96ac729ea092176e2ef14d59 21228 libvorbisfile3_1.2.0.dfsg-3.1+lenny1_i386.deb 6fa482f82f0639f193351759ee6e91c9b4729d99 465548 libvorbis-dev_1.2.0.dfsg-3.1+lenny1_i386.deb Checksums-Sha256: 7ca4fc771b644411e48a5db92ab040bb369d10f3c4e9ef6f35799345330ee00f 1280 libvorbis_1.2.0.dfsg-3.1+lenny1.dsc 401129deb8a78b53b0c2098a92cdb84114956ef399ce62b38ac28f0bde04133f 1477935 libvorbis_1.2.0.dfsg.orig.tar.gz d7e50856f10ef4d4793e46efb76aa9d126ecf9fef7070e2ed4295666942e3ffa 10323 libvorbis_1.2.0.dfsg-3.1+lenny1.diff.gz 0a516286d5eaae3b46c1db051016ba22f663bfc446143883a202f9cd06a464cd 101822 libvorbis0a_1.2.0.dfsg-3.1+lenny1_i386.deb de59dedb3d13eca37a8abee7ad1861e36fc7a9791ecca5fcfaaca095b5ddae0f 77266 libvorbisenc2_1.2.0.dfsg-3.1+lenny1_i386.deb 02bb7d6cb1912e6583baab0a15562b15de3fe2dd506ffc5e3ab533dd135b21fd 21228 libvorbisfile3_1.2.0.dfsg-3.1+lenny1_i386.deb 374010896148aa04dd31391ff68f6fd4ee97458650b82fa59c1e63137f86e0b7 465548 libvorbis-dev_1.2.0.dfsg-3.1+lenny1_i386.deb Files: 0e4285bf0fc44a182f35b15b3bef92af 1280 libs optional libvorbis_1.2.0.dfsg-3.1+lenny1.dsc 3c7fff70c0989ab3c1c85366bf670818 1477935 libs optional libvorbis_1.2.0.dfsg.orig.tar.gz 8a3c02bfdb7c2e6edc1a6ba952f4706e 10323 libs optional libvorbis_1.2.0.dfsg-3.1+lenny1.diff.gz b35241103ae3b649b37082c75bb6c349 101822 libs optional libvorbis0a_1.2.0.dfsg-3.1+lenny1_i386.deb e6272466696d9b1307c446495933904a 77266 libs optional libvorbisenc2_1.2.0.dfsg-3.1+lenny1_i386.deb 5c64197678bc8102cac8d5e24ebf30f4 21228 libs optional libvorbisfile3_1.2.0.dfsg-3.1+lenny1_i386.deb 3b5e01cb7ed617ceef7cfac672c42061 465548 libdevel optional libvorbis-dev_1.2.0.dfsg-3.1+lenny1_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAksH80QACgkQNxpp46476aosNgCdFPn7ofjjeDN+8mIDG18sLvI2 8XUAnRyN8WQt8sgE/11tR5+UtbZePZPj =fF7D -----END PGP SIGNATURE----- Accepted: libvorbis-dev_1.2.0.dfsg-3.1+lenny1_i386.deb to main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-3.1+lenny1_i386.deb libvorbis0a_1.2.0.dfsg-3.1+lenny1_i386.deb to main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-3.1+lenny1_i386.deb libvorbis_1.2.0.dfsg-3.1+lenny1.diff.gz to main/libv/libvorbis/libvorbis_1.2.0.dfsg-3.1+lenny1.diff.gz libvorbis_1.2.0.dfsg-3.1+lenny1.dsc to main/libv/libvorbis/libvorbis_1.2.0.dfsg-3.1+lenny1.dsc libvorbisenc2_1.2.0.dfsg-3.1+lenny1_i386.deb to main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-3.1+lenny1_i386.deb libvorbisfile3_1.2.0.dfsg-3.1+lenny1_i386.deb to main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-3.1+lenny1_i386.deb