-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 22 Mar 2018 08:22:56 +0100 Source: libvorbis Binary: libvorbis0a libvorbisenc2 libvorbisfile3 libvorbis-dev Architecture: source Version: 1.3.6-1 Distribution: unstable Urgency: medium Maintainer: Debian Xiph.org Maintainers <pkg-xiph-maint@lists.alioth.debian.org> Changed-By: Petter Reinholdtsen <pere@debian.org> Description: libvorbis-dev - development files for Vorbis General Audio Compression Codec libvorbis0a - decoder library for Vorbis General Audio Compression Codec libvorbisenc2 - encoder library for Vorbis General Audio Compression Codec libvorbisfile3 - high-level API for Vorbis General Audio Compression Codec Closes: 870341 Changes: libvorbis (1.3.6-1) unstable; urgency=medium . * Add more used CPE strings to d/upstream/metadata. * Fix typo in patch description. Thanks lintian. * Updated Standards-Version from 3.9.8 to 4.1.3. * Changed debhelper compat level from 9 to 10. * Remove no longer needed Testsuite header from d/control. * Drop binary package libvorbis-dbg. Use automatically generated dbgsym package instead. * New upstream version 1.3.6. - Fixes CVE-2018-5146 - out-of-bounds write on codebook decoding. - Fixes CVE-2017-14632 - free() on uninitialized data - Fixes CVE-2017-14633/CVE-2017-14633 - out-of-bounds read (Closes: 870341) - Removed obsolete patches CVE-2017-14633-Don-t-allow-for-more-than-256-channels.patch, CVE-2017-14632-vorbis_analysis_header_out-Don-t-clear-opb.patch and CVE-2018-5146-Prevent-out-of-bounds-write-in-codeboo.patch. Checksums-Sha1: 90428057f024c9f6ffe107185537b742d1dfca80 2329 libvorbis_1.3.6-1.dsc 91f140c220d1fe3376d637dc5f3d046263784b1f 1634357 libvorbis_1.3.6.orig.tar.gz cedc150c18f4cf8f7b30daa3d166b9ea3ac78398 10908 libvorbis_1.3.6-1.debian.tar.xz a07095869b222e5169df39a84963687cffad198b 6398 libvorbis_1.3.6-1_source.buildinfo Checksums-Sha256: b79f5142a86459692e7aaa640f502e0498f0a800c9eb4034474b5ed555d22479 2329 libvorbis_1.3.6-1.dsc 6ed40e0241089a42c48604dc00e362beee00036af2d8b3f46338031c9e0351cb 1634357 libvorbis_1.3.6.orig.tar.gz 07b50db2f54af6e05977ae07e553d2315ba1208b59e3b6a9880b7a802aa74538 10908 libvorbis_1.3.6-1.debian.tar.xz 0ce8dc330ea5c115f885b9beb9dbae1baacb3372e39bec45d42af9dfc9230a52 6398 libvorbis_1.3.6-1_source.buildinfo Files: 5aa42961f060be5ecf28e525e09d138b 2329 libs optional libvorbis_1.3.6-1.dsc d3190649b26572d44cd1e4f553943b31 1634357 libs optional libvorbis_1.3.6.orig.tar.gz 717537b0865e5f7cdffaacf42fa9d4b8 10908 libs optional libvorbis_1.3.6-1.debian.tar.xz 990d25f3aad1126ffd329055c1deb41e 6398 libs optional libvorbis_1.3.6-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEERqLf4owIeylOb9kkgSgKoIe6+w4FAlqzWxIACgkQgSgKoIe6 +w7JbQ//XT1104gu0P59VvwkgVAJnr10I+tJN/pBj8qKaiz6e1sRO1i5s0DkYmuu SzLxyYW7ZRVM6IpNr6IBcNfSfLycAInK53dZ+hmbLDNkGpLIKV4yUOKiltfpPUGf YK97tMIOQX6VDl2ImNsGk+uXuc1Ms1rjrEjBFVMpVFvCVcIxivHDIG8Hiuyd51SG rFiUBImWngC95mDsOfRlylSU8OFNVeBqnHDGHqcKrCmkVfbaS1b1bq+agSdlyMJG nd561wimGyLXl+3AMbUBC8Vge5zuVII80zw+pawRUaSUOsm8q2fxhyPcRsFNarui 0T5KNNjb58mmmM4BDE6Qce4pwBweY92I01Kp5uVy6ajMjlWzaz0BsV6ZapqK216f M01Z75ddueWeuSlDPYitXBn27ZJOSIznSrHLuslCEYrR1xrXkKmsy1kL9I0zdtz5 dpiKuNjfeEVPv7U5G25FG1kCuAPcu1k/J5gJdPupM8Lg/tepZ8fwW6VKseLssBJ9 HkRQqi1a+CBLWZVjjGLr2i1gAlGXtmQCuXzMzg9VIRP8F0SRE8Yo3MMZ5JmIx5v1 rThAxWNic1ZhcSLiEY5U3G9lbCKghYrywDMBJ0qA9UytR+CczSLZGKZtILKilTJk /JSkugL0kEp5Olg02tIDVWU4HbHuw+VlGFDACdlernYoh7aT0oY= =xntX -----END PGP SIGNATURE-----