-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 27 Nov 2021 19:05:10 +0200 Source: libvorbis Binary: libvorbis0a libvorbisenc2 libvorbisfile3 libvorbis-dev libvorbis-dbg Architecture: source Version: 1.3.5-4+deb9u3 Distribution: stretch-security Urgency: medium Maintainer: Debian Xiph.org Maintainers <pkg-xiph-maint@lists.alioth.debian.org> Changed-By: Adrian Bunk <bunk@debian.org> Description: libvorbis-dbg - debug files for Vorbis General Audio Compression Codec libvorbis-dev - development files for Vorbis General Audio Compression Codec libvorbis0a - decoder library for Vorbis General Audio Compression Codec libvorbisenc2 - encoder library for Vorbis General Audio Compression Codec libvorbisfile3 - high-level API for Vorbis General Audio Compression Codec Changes: libvorbis (1.3.5-4+deb9u3) stretch-security; urgency=medium . * Non-maintainer upload by the LTS team. * CVE-2017-14160, CVE-2018-10393: Improve bound checking for very low sample rates. * CVE-2018-10392: Validate the number of channels in vorbisenc.c Checksums-Sha1: 1553f5e859080872bc12fb93d87c6aeba5216d00 2411 libvorbis_1.3.5-4+deb9u3.dsc 10c7fee173178d72855aa7593dfe49d9b3d6c804 1638779 libvorbis_1.3.5.orig.tar.gz 1576ab1b644628b6be5b42a369da74c13a48cfcf 12024 libvorbis_1.3.5-4+deb9u3.debian.tar.xz Checksums-Sha256: 9e363cf202ced6371d58f8617a7e062914650bec7744dd9fc51ea586b3ae8383 2411 libvorbis_1.3.5-4+deb9u3.dsc 6efbcecdd3e5dfbf090341b485da9d176eb250d893e3eb378c428a2db38301ce 1638779 libvorbis_1.3.5.orig.tar.gz 46b3115c40020a1179e4ecdcd33f063d821706d4f4409b14224941fcd09d350b 12024 libvorbis_1.3.5-4+deb9u3.debian.tar.xz Files: 16976e34373b0e19b3c37e264826802e 2411 libs optional libvorbis_1.3.5-4+deb9u3.dsc 7220e089f3be3412a2317d6fde9e3944 1638779 libs optional libvorbis_1.3.5.orig.tar.gz 34e32997028ed0d1be63929342f02690 12024 libs optional libvorbis_1.3.5-4+deb9u3.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmGicJQACgkQiNJCh6LY mLHz4A/+JNgbD9dPEBzjxsYWhA0yqlPS5nx3TJ+f74QEFqEw5Bj1u6v6HMbMxJ0I hm/HS9rHPcfvG1HAjCJPVkxilazeOudabWHnapt23sLB8R2QEuVWywjXGK0TC1GI 2aFnvWouesOkTp5ljJYO8K9kYrjFkIYp4vComkdCyp1tWfiLnuBpSp3zy//qVpne rrgIwH/0/6w7VLjqV/ZdJmVEvtvpBwZBc/hJa1nHYNwVCopIBROrGxhdYqJ0XTab faoPwq0dkhf7l31LT36g3Xs9Bkv13uYnR+1KPq/PkmDhiXObCoWAH+LLBAQyGWR5 r+Tp5kAaB0KiAQ8eJMfoEahgr6k+lBVIOVpWgDCjmHyzjBTZCtOB3XlfunnF4bqw DAuSxQncD/RAdVUFZgbL89FRbjujEHbXmfzFdHtZcBds30Wb7b7taydZ7wB9PIzx 0obzf503EibNoEpHPuiZWnoD8BQqs6O9Z0hVlV9RC5FPL16nRN7KzZ9Wds+K581Q oTjEZxucNlH8OqL3Fq3sopKy3DYQ9j2Fy7WZabPPFyhlf6vGCtcRM/JAzHHBRcCr m17Nqqddejp/F6bcMCZAE8kB4M7lEajq+YMZ38cNFBsuD1YvNMRGVpk9XcblmcyV lnIaUIAqEsLdj3XC1pHpSHjTeZUnZ7M/dIvO2QYDj3t+cUUTUb0= =GgOA -----END PGP SIGNATURE-----