Format: 1.8
Date: Sat, 12 May 2018 10:11:05 +0200
Source: libmad
Binary: libmad0 libmad0-dev
Architecture: source amd64
Version: 0.15.1b-7+deb7u1
Distribution: wheezy-security
Urgency: medium
Maintainer: Mad Maintainers <pkg-mad-maintainers@lists.alioth.debian.org>
Changed-By: Emilio Pozuelo Monfort <pochu@debian.org>
Description:
 libmad0 - MPEG audio decoder library
 libmad0-dev - MPEG audio decoder development library
Closes: 287519
Changes:
 libmad (0.15.1b-7+deb7u1) wheezy-security; urgency=medium
 .
   * Non-maintainer upload by the LTS team.
   * Apply Kurt's patches from 0.15.1b-8+deb8u1:
     * Properly check the size of the main data. The previous patch
       only checked that it could fit in the buffer, but didn't ensure
       there was actually enough room free in the buffer. This was
       assigned both CVE-2017-8372 and CVE-2017-8373, but they are
       really the same, just a different way to detect it.
       (Closes: #287519)
     * Rewrite patch to check the size of buffer. It now checks it
       before reading it instead of afterwards checking that we did
       read too much. This now also covers parsing the frame and
       layer3, not just layer 1 and 2. This was originally reported in
       #508133. CVE-2017-8374 mentions a case in layer 3.