Debian Package Tracker

From: Salvatore Bonaccorso <carnil@debian.org>
To: <dak@security.debian.org>
Subject: Accepted libvorbis 1.3.4-2+deb8u1 (source) into oldstable->embargoed, oldstable
Date: Fri, 16 Mar 2018 19:38:08 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 16 Mar 2018 18:18:30 +0100
Source: libvorbis
Binary: libvorbis0a libvorbisenc2 libvorbisfile3 libvorbis-dev libvorbis-dbg
Architecture: source
Version: 1.3.4-2+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian Xiph.org Maintainers <pkg-xiph-maint@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Description: 
 libvorbis-dbg - debug files for Vorbis General Audio Compression Codec
 libvorbis-dev - development files for Vorbis General Audio Compression Codec
 libvorbis0a - decoder library for Vorbis General Audio Compression Codec
 libvorbisenc2 - encoder library for Vorbis General Audio Compression Codec
 libvorbisfile3 - high-level API for Vorbis General Audio Compression Codec
Changes:
 libvorbis (1.3.4-2+deb8u1) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Prevent out-of-bounds write in codebook decoding (CVE-2018-5146)
Checksums-Sha1: 
 d363434d8b122405ed866534be519955585f8c98 2455 libvorbis_1.3.4-2+deb8u1.dsc
 1602716c187593ffe4302124535240cec2079df3 1632091 libvorbis_1.3.4.orig.tar.gz
 2c62028c64ac52754a06d295da67510bd15a6b08 12664 libvorbis_1.3.4-2+deb8u1.debian.tar.xz
Checksums-Sha256: 
 0f7d44d5b182d060206437ae92a1d2e5f6ef74637195c7554483a7134d81e8b8 2455 libvorbis_1.3.4-2+deb8u1.dsc
 eee09a0a13ec38662ff949168fe897a25d2526529bc7e805305f381c219a1ecb 1632091 libvorbis_1.3.4.orig.tar.gz
 09ce07a86b4be1764d6a7c4bfcdca9c528fa10e947c695ce8b7dac0548fad7f0 12664 libvorbis_1.3.4-2+deb8u1.debian.tar.xz
Files: 
 0534c9e21d6941fb5af60915bd8576fe 2455 libs optional libvorbis_1.3.4-2+deb8u1.dsc
 8851c593a52d1ef9c526d95174873852 1632091 libs optional libvorbis_1.3.4.orig.tar.gz
 e2c7a40592abca341f5af188a225b8b0 12664 libs optional libvorbis_1.3.4-2+deb8u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlqr/RBfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EiJwP/2KDKV8NxMWftwqMngSx8u7BygBIhQAP
rFUIt4y0MQD+zlXQx7yijMLByrJUpaHouog2V1xZZiME4xoTp8akvlmRf3Qt7iI+
936ypOCM8eXLoxyKyn1gbrfGc7kPe0qZWuEwwJBvhgQxaomWd/E9z3pXNFu+gYB3
hsLP/TmJ28vM+U1zSlJAW2Feef0cy97XbMjO5Eu1ex1vy3q2aiffnDjb/OugOWHf
I/KtK+d2M5hi8iTjOTrI36HsxT/6X6BJALm4ea5gGIQSlJx18bLYJZS/tgCivykX
FByqw4IyH2opD7LjnJ7xwhhPu6ISSk1Q/OTNi7bPHu75QHmgU55lF6CwFwaNhZkw
FHFA+bNnXihO8trST60LtWv0AkbIeTpU4T2ibrBleIPiytpMenhUNYQCFELqEdgG
3bRiLSP7ufR6iI4bagjLEMNUebXOlF7NsfYWEJMGNTFEcXpjLf5acWhozUibSQGz
8+lzhfGc1803p4qiX+uaIQBqGO02/JtIy27fPa9OufQrqcLevGAVoecNmK4a5Hva
iuX7KtYa+KydL4hNO/zjvzBqfWEr8aKH59qsMkBs+6KvIyhTtH5EWdCf6JzJ5ThS
aDKVyPaFVkWC4d9xYeIhFmGgVx6X3YjfESvZulpiszdlQtLCOus9z1ZZ6kl0EZqH
Eesq02XZzbOm
=oRnq
-----END PGP SIGNATURE-----
News for package libvorbis
