Format: 1.8
Date: Sat, 18 Jan 2025 15:40:54 -0800
Source: libcdio
Architecture: source
Version: 2.1.0-5
Distribution: unstable
Urgency: medium
Maintainer: Gabriel F. T. Gomes <gabriel@debian.org>
Changed-By: Gabriel F. T. Gomes <gabriel@debian.org>
Changes:
 libcdio (2.1.0-5) unstable; urgency=medium
 .
   [ Bruce Cable ]
   * SECURITY UPDATE: buffer overflow
     - debian/patches/CVE-2024-36600-1.patch: Allocates space for growth and
       additional buffer in lib/iso9660/rock.c
     - debian/patches/CVE-2024-36600-2.patch: Limits the maximum read count to
       prevent an overflow in lib/driver/_cdio_stdio.c
     - debian/patches/CVE-2024-36600-3.patch: Adds input validation to
       unicode16_decode function in lib/udf/udf_fs.c
     - debian/patches/CVE-2024-36600-4.patch: Adds bounds checking for
       directory buffer size and total size calculation in
       lib/iso9660/iso9660_fs.c
     - debian/patches/CVE-2024-36600-5.patch: Fixes overflow in iso9660 dir
       read (32-bit) in lib/iso9660/iso9660_fs.c
     - debian/patches/CVE-2024-36600-6.patch: Checks the validity of
       i_extended_attr member in udf_get_lba() in lib/udf/udf_fs.c
     - debian/patches/CVE-2024-36600-7.patch: Adds 32-bit size test only when
       needed in lib/iso9660/iso9660_fs.c
     - CVE-2024-36600
 .
   [ Debian Janitor ]
   * Set upstream metadata fields: Bug-Submit (from ./configure),
     Repository-Browse.
   * Update standards version to 4.6.1, no changes needed.
 .
   [ Alessandro Astone ]
   * Update optional symbols, resolves lintian error
 .
   [ Gabriel F. T. Gomes ]
   * Fix lintian warning: Build-Depends on obsolete libncursesw5-dev.
Files:
 2571 libs optional libcdio_2.1.0-5.dsc
 16756 libs optional libcdio_2.1.0-5.debian.tar.xz
 10219 libs optional libcdio_2.1.0-5_amd64.buildinfo