-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Fri, 12 Jun 2009 11:49:42 +0000 Source: libsndfile Binary: libsndfile1-dev libsndfile1 sndfile-programs Architecture: source amd64 Version: 1.0.17-4+lenny2 Distribution: stable-security Urgency: high Maintainer: Samuel Mimram <smimram@debian.org> Changed-By: Nico Golde <nion@debian.org> Description: libsndfile1 - Library for reading/writing audio files libsndfile1-dev - Library for reading/writing audio files sndfile-programs - Sample programs that use libsndfile Closes: 528650 Changes: libsndfile (1.0.17-4+lenny2) stable-security; urgency=high . * Non-maintainer upload by the Security Team. * This update addresses the following security issues: - CVE-2009-1788: heap-based buffer overflow in voc_read_header leading to arbitrary code execution via crafted VOC headers. - CVE-2009-1791: heap-based buffer overflow in aiff_read_header leading to arbitrary code execution via crafted AIFF headers. (Closes: #528650). Checksums-Sha1: 61b7b9243336d4c7e3734a8571954d6453a6db5c 1134 libsndfile_1.0.17-4+lenny2.dsc 3c132f2280e27adca3d2050db1f6596ed64073c3 10627 libsndfile_1.0.17-4+lenny2.diff.gz b380fe68022d7b9cbe3f41533e8abcdedecbed05 333800 libsndfile1-dev_1.0.17-4+lenny2_amd64.deb f5187b5e2e5d89f38fe72edceb90e4baef4e5359 191352 libsndfile1_1.0.17-4+lenny2_amd64.deb a53e274545b1d82e32387c4a2e49004901828858 73166 sndfile-programs_1.0.17-4+lenny2_amd64.deb Checksums-Sha256: f3d79c734db14df77b15b26493db4ccb5e8ced8580b92443d39458758f513665 1134 libsndfile_1.0.17-4+lenny2.dsc 69e26930a332ad8d281a9d9bd3aa2d905bb417bf782dde46a8e0af5baeda5ff8 10627 libsndfile_1.0.17-4+lenny2.diff.gz 8b4819a0acd876558fc52f300c3c2d9bfc25d9ffd3d83518aeafa9129b78bd74 333800 libsndfile1-dev_1.0.17-4+lenny2_amd64.deb dbe3b505d20dc02a74815d1a407205a41e610880c4fb090fb8aa9cebe1d368af 191352 libsndfile1_1.0.17-4+lenny2_amd64.deb 0f913ea508267f1803ac67c86307dddc6f510b46bd33dc40250daf115dc863f5 73166 sndfile-programs_1.0.17-4+lenny2_amd64.deb Files: 51d9eb65dd02a51f539d841417d49f1b 1134 devel optional libsndfile_1.0.17-4+lenny2.dsc 2325910ddaba0afbdd7e317e38970bb8 10627 devel optional libsndfile_1.0.17-4+lenny2.diff.gz c082042884f8aa7d54456c7edda82505 333800 libdevel optional libsndfile1-dev_1.0.17-4+lenny2_amd64.deb a7fcfefe56bbe623aedf4c1a716fbd7c 191352 libs optional libsndfile1_1.0.17-4+lenny2_amd64.deb 95ae8a7f7cc414b590492a5ccb8b54bb 73166 utils optional sndfile-programs_1.0.17-4+lenny2_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkoyQ78ACgkQHYflSXNkfP+8ZgCfYEU3Kne6PLRclqi4krgzCKxY O0IAnjyMs48IJxQhaVCbp57UrE0tMeXO =IWRP -----END PGP SIGNATURE----- Accepted: libsndfile1-dev_1.0.17-4+lenny2_amd64.deb to pool/main/libs/libsndfile/libsndfile1-dev_1.0.17-4+lenny2_amd64.deb libsndfile1_1.0.17-4+lenny2_amd64.deb to pool/main/libs/libsndfile/libsndfile1_1.0.17-4+lenny2_amd64.deb libsndfile_1.0.17-4+lenny2.diff.gz to pool/main/libs/libsndfile/libsndfile_1.0.17-4+lenny2.diff.gz libsndfile_1.0.17-4+lenny2.dsc to pool/main/libs/libsndfile/libsndfile_1.0.17-4+lenny2.dsc sndfile-programs_1.0.17-4+lenny2_amd64.deb to pool/main/libs/libsndfile/sndfile-programs_1.0.17-4+lenny2_amd64.deb
