Accepted libcdio 2.1.0-5 (source) into unstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 18 Jan 2025 15:40:54 -0800
Source: libcdio
Architecture: source
Version: 2.1.0-5
Distribution: unstable
Urgency: medium
Maintainer: Gabriel F. T. Gomes <gabriel@debian.org>
Changed-By: Gabriel F. T. Gomes <gabriel@debian.org>
Changes:
 libcdio (2.1.0-5) unstable; urgency=medium
 .
   [ Bruce Cable ]
   * SECURITY UPDATE: buffer overflow
     - debian/patches/CVE-2024-36600-1.patch: Allocates space for
       growth and additional buffer in lib/iso9660/rock.c
     - debian/patches/CVE-2024-36600-2.patch: Limits the maximum read
       count to prevent an overflow in lib/driver/_cdio_stdio.c
     - debian/patches/CVE-2024-36600-3.patch: Adds input validation to
       unicode16_decode function in lib/udf/udf_fs.c
     - debian/patches/CVE-2024-36600-4.patch: Adds bounds checking for
       directory buffer size and total size calculation in
       lib/iso9660/iso9660_fs.c
     - debian/patches/CVE-2024-36600-5.patch: Fixes overflow in iso9660
       dir read (32-bit) in lib/iso9660/iso9660_fs.c
     - debian/patches/CVE-2024-36600-6.patch: Checks the validity of
       i_extended_attr member in udf_get_lba() in lib/udf/udf_fs.c
     - debian/patches/CVE-2024-36600-7.patch: Adds 32-bit size test
       only when needed in lib/iso9660/iso9660_fs.c
     - CVE-2024-36600
 .
   [ Debian Janitor ]
   * Set upstream metadata fields: Bug-Submit (from ./configure),
     Repository-Browse.
   * Update standards version to 4.6.1, no changes needed.
 .
   [ Alessandro Astone ]
   * Update optional symbols, resolves lintian error
 .
   [ Gabriel F. T. Gomes ]
   * Fix lintian warning: Build-Depends on obsolete libncursesw5-dev.
Checksums-Sha1:
 b4e1e1dd350e657f871abcc588f75e88a858a055 2571 libcdio_2.1.0-5.dsc
 77beaac30a65852bc8e772569a06a25cefb14af3 16756 libcdio_2.1.0-5.debian.tar.xz
 0d32ea63a57ed60ee1b55190fab8dfbde172756f 10219 libcdio_2.1.0-5_amd64.buildinfo
Checksums-Sha256:
 62e29253e87183a4f8251a1874e0c3a2553966c404139416e3b6d3e7c0d0ca4d 2571 libcdio_2.1.0-5.dsc
 4dbe0cbaf264b26f98312f1bfc4753b48dd9a0aa378e3e79848efd76478c739e 16756 libcdio_2.1.0-5.debian.tar.xz
 f4bf3e666ca7ac103107dc58fc2da4167d448ae2b4e2850f9bb56ed42eef0bca 10219 libcdio_2.1.0-5_amd64.buildinfo
Files:
 7186172b7714f6a9f6131ade8aa1992c 2571 libs optional libcdio_2.1.0-5.dsc
 023b32b769f9a9a13555f0b6547189b6 16756 libs optional libcdio_2.1.0-5.debian.tar.xz
 4f03dbfc24e2ef8a8d3f14a98d500cdd 10219 libs optional libcdio_2.1.0-5_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
