Format: 1.8
Date: Wed, 27 Sep 2017 03:21:24 +0930
Source: mp3splt
Binary: mp3splt mp3splt-gtk libmp3splt mp3splt-dbg
Architecture: source amd64
Version: 2.6.2+20170630-2
Distribution: unstable
Urgency: medium
Maintainer: Ron Lee <ron@debian.org>
Changed-By: Ron Lee <ron@debian.org>
Description:
 libmp3splt - support library for mp3splt and mp3splt-gtk
 mp3splt    - split MP3, Ogg Vorbis, or FLAC files without re-encoding
 mp3splt-dbg - debugging symbols for mp3splt, mp3splt-gtk and libmp3splt
 mp3splt-gtk - split MP3, Ogg Vorbis, or FLAC files without re-encoding
Changes:
 mp3splt (2.6.2+20170630-2) unstable; urgency=medium
 .
   * Properly zero the ogg and vorbis state structures after they are
     malloc'd.  This fixes the second issue that was indicated in
     CVE-2017-11333, which isn't actually the fault of libvorbis.  It's
     caused by the libmp3splt ogg plugin unwinding when the error in the
     test file is detected, and calling vorbis_block_clear() on an
     uninitialised vorbis_block struct before the call to
     vorbis_block_init() occurs.  Similar things would go badly for the
     other uninitialised structs if this one didn't explode first.
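
Added example, not part of this upload record or of the mp3splt source: a self-contained C model of the failure the changelog entry describes, where an error path unwinds and clears an embedded struct before its init call has run. The names demo_block, demo_state, open_stream and unwind are hypothetical, no libvorbis calls are used, and the 0xA5 fill is an assumption standing in for the indeterminate contents of malloc'd memory.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins: demo_block plays the role of a codec struct such as
 * vorbis_block, demo_state the plugin state that embeds it. */
typedef struct { void *localstore; } demo_block;
typedef struct { demo_block vb; } demo_state;

static int demo_block_init(demo_block *b) {
    b->localstore = malloc(64);
    return b->localstore ? 0 : -1;
}
/* Like most *_clear() routines, trusts that NULL means "nothing to release". */
static void demo_block_clear(demo_block *b) {
    free(b->localstore);
    b->localstore = NULL;
}

static demo_state *state_new(int zero) {
    demo_state *s = malloc(sizeof *s);
    if (!s) abort();
    /* malloc() contents are indeterminate; 0xA5 models stale heap bytes
     * (an assumption, so the demo stays deterministic). */
    memset(s, zero ? 0 : 0xA5, sizeof *s);
    return s;
}

/* Fails before demo_block_init() when the stream header is bad. */
static int open_stream(demo_state *s, int header_ok) {
    return header_ok ? demo_block_init(&s->vb) : -1;
}
/* Unwind path. Returns 1 when clear() would have been handed a pointer that
 * init never produced; the call is skipped then so the demo does not crash. */
static int unwind(demo_state *s, int init_ran) {
    int garbage = !init_ran && s->vb.localstore != NULL;
    if (!garbage) demo_block_clear(&s->vb);
    free(s);
    return garbage;
}

int run_case(int zero, int header_ok) {
    demo_state *s = state_new(zero);
    return unwind(s, open_stream(s, header_ok) == 0);
}

int main(void) {
    printf("bad header: malloc-only=%d zeroed=%d\n", run_case(0, 0), run_case(1, 0));
    return 0;
}
```

With the state zeroed at allocation, the early-error unwind sees a NULL member and the clear call is a no-op; without it, the same unwind would pass stale heap bytes to free().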