-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Fri, 12 Jun 2009 11:54:53 +0000 Source: libsndfile Binary: libsndfile1 libsndfile1-dev sndfile-programs Architecture: source amd64 Version: 1.0.16-2+etch2 Distribution: oldstable-security Urgency: high Maintainer: Anand Kumria <wildfire@progsoc.org> Changed-By: Nico Golde <nion@debian.org> Description: libsndfile1 - Library for reading/writing audio files libsndfile1-dev - Library for reading/writing audio files sndfile-programs - Sample programs that use libsndfile Closes: 528650 Changes: libsndfile (1.0.16-2+etch2) oldstable-security; urgency=high . * Non-maintainer upload by the Security Team. * This update addresses the following security issues: - CVE-2009-1788: heap-based buffer overflow in voc_read_header leading to arbitrary code execution via crafted VOC headers. - CVE-2009-1791: heap-based buffer overflow in aiff_read_header leading to arbitrary code execution via crafted AIFF headers. (Closes: #528650). Files: fe69a3bbf260e7539ec189fe9d81889d 659 devel optional libsndfile_1.0.16-2+etch2.dsc 8a43fb7713b8247bd1e5f1bf7a6e9923 6453 devel optional libsndfile_1.0.16-2+etch2.diff.gz 0b5e2551db19f1e67d90fb402a3e4b55 322608 libdevel optional libsndfile1-dev_1.0.16-2+etch2_amd64.deb 1ad927a4dde060a045052031c6dee298 187554 libs optional libsndfile1_1.0.16-2+etch2_amd64.deb efc9612d010aa0e9f260e4726f7fd809 70818 utils optional sndfile-programs_1.0.16-2+etch2_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkoyQ9EACgkQHYflSXNkfP87PgCfWtEqM6b9vhmR6IiEtreXBDkr rBoAn1Cy6DFKm9a1kZn36VOGWd2ISY9Q =kJPH -----END PGP SIGNATURE----- Accepted: libsndfile1-dev_1.0.16-2+etch2_amd64.deb to main/libs/libsndfile/libsndfile1-dev_1.0.16-2+etch2_amd64.deb libsndfile1_1.0.16-2+etch2_amd64.deb to main/libs/libsndfile/libsndfile1_1.0.16-2+etch2_amd64.deb libsndfile_1.0.16-2+etch2.diff.gz to main/libs/libsndfile/libsndfile_1.0.16-2+etch2.diff.gz libsndfile_1.0.16-2+etch2.dsc to main/libs/libsndfile/libsndfile_1.0.16-2+etch2.dsc sndfile-programs_1.0.16-2+etch2_amd64.deb to main/libs/libsndfile/sndfile-programs_1.0.16-2+etch2_amd64.deb