-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 11 Sep 2009 21:50:21 -0500
Source: libsndfile
Binary: libsndfile1-dev libsndfile1 sndfile-programs
Architecture: source i386
Version: 1.0.18-2+squeeze1
Distribution: testing-security
Urgency: high
Maintainer: Samuel Mimram <smimram@debian.org>
Changed-By: Raphael Geissert <geissert@debian.org>
Description:
 libsndfile1 - Library for reading/writing audio files
 libsndfile1-dev - Library for reading/writing audio files
 sndfile-programs - Sample programs that use libsndfile
Closes: 528650
Changes:
 libsndfile (1.0.18-2+squeeze1) testing-security; urgency=high
 .
   * Non-maintainer upload by the Testing Security Team.
   * Upload to testing due to several issues blocking migration of new release
   * The following issues are fixed:
     - CVE-2009-1788: heap-based buffer overflow in voc_read_header leading
       to arbitrary code execution via crafted VOC headers.
     - CVE-2009-1791: heap-based buffer overflow in aiff_read_header leading
       to arbitrary code execution via crafted AIFF headers.
       (Closes: #528650).
     - CVE-2009-0186: integer overflow leading to a heap-based buffer overflow
       via a crafted CAF file by limiting the number of channels per frame.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkqseaYACgkQYy49rUbZzlqFDwCglXHTwjynXI5rGYqVW26Sfz0p
+YgAnjra5YgoWKk77T/2cHAxUk7XsvEv
=9hMo
-----END PGP SIGNATURE-----

Accepted:
libsndfile1-dev_1.0.18-2+squeeze1_i386.deb
  to pool/main/libs/libsndfile/libsndfile1-dev_1.0.18-2+squeeze1_i386.deb
libsndfile1_1.0.18-2+squeeze1_i386.deb
  to pool/main/libs/libsndfile/libsndfile1_1.0.18-2+squeeze1_i386.deb
libsndfile_1.0.18-2+squeeze1.diff.gz
  to pool/main/libs/libsndfile/libsndfile_1.0.18-2+squeeze1.diff.gz
libsndfile_1.0.18-2+squeeze1.dsc
  to pool/main/libs/libsndfile/libsndfile_1.0.18-2+squeeze1.dsc
sndfile-programs_1.0.18-2+squeeze1_i386.deb
  to pool/main/libs/libsndfile/sndfile-programs_1.0.18-2+squeeze1_i386.deb