Accepted libvorbis 1.3.2-1.3+deb7u1 (source amd64) into oldoldstable

To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
Subject: Accepted libvorbis 1.3.2-1.3+deb7u1 (source amd64) into oldoldstable
From: Antoine Beaupré <anarcat@debian.org>
Date: Mon, 30 Apr 2018 01:40:23 +0000
Message-id: <[🔎] E1fCxnj-0005dJ-5i@seger.debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 19 Apr 2018 11:59:46 -0400
Source: libvorbis
Binary: libvorbis0a libvorbisenc2 libvorbisfile3 libvorbis-dev libvorbis-dbg
Architecture: source amd64
Version: 1.3.2-1.3+deb7u1
Distribution: wheezy-security
Urgency: medium
Maintainer: Debian Xiph.org Maintainers <pkg-xiph-maint@lists.alioth.debian.org>
Changed-By: Antoine Beaupré <anarcat@debian.org>
Description:
 libvorbis-dbg - The Vorbis General Audio Compression Codec (debug files)
 libvorbis-dev - The Vorbis General Audio Compression Codec (development files)
 libvorbis0a - The Vorbis General Audio Compression Codec (Decoder library)
 libvorbisenc2 - The Vorbis General Audio Compression Codec (Encoder library)
 libvorbisfile3 - The Vorbis General Audio Compression Codec (High Level API)
Changes:
 libvorbis (1.3.2-1.3+deb7u1) wheezy-security; urgency=medium
 .
   * Non-maintainer upload by the LTS Security Team.
   * CVE-2017-14633: In Xiph.Org libvorbis 1.3.5, an out-of-bounds array
     read vulnerability exists in the function mapping0_forward() in
     mapping0.c, which may lead to DoS when operating on a crafted audio
     file with vorbis_analysis().
   * CVE-2017-14632: Xiph.Org libvorbis 1.3.5 allows Remote Code Execution
     upon freeing uninitialized memory in the function
     vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar
     issue to Mozilla bug 550184.
   * CVE-2017-11333: The vorbis_analysis_wrote function in lib/block.c in
     Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of
     service (OOM) via a crafted wav file.
   * CVE-2018-5146: out-of-bounds memory write in the codeboook parsing
     code of the Libvorbis multimedia library could result in the execution
     of arbitrary code.
Checksums-Sha1:
 2997e8e228e474780699a529fa59f2fbc5f5a69e 1743 libvorbis_1.3.2-1.3+deb7u1.dsc
 4b089ace4c8420c479b2fde9c5b01588cf86c959 1483719 libvorbis_1.3.2.orig.tar.gz
 c2bcd6756abab358efc0e1de36f40bce3342c3f8 10808 libvorbis_1.3.2-1.3+deb7u1.diff.gz
 934f86d438f79bee94787f40006572daaa2eb98d 110238 libvorbis0a_1.3.2-1.3+deb7u1_amd64.deb
 799141b1447ca62e8a34ac96a533b8c70eb19fd8 145218 libvorbisenc2_1.3.2-1.3+deb7u1_amd64.deb
 26cdd1f202980cfebb5f9189f03a2e09d976136d 25604 libvorbisfile3_1.3.2-1.3+deb7u1_amd64.deb
 c05e2ffe81d2c8670b2fd65bb8a1fd2d93fd99ab 479786 libvorbis-dev_1.3.2-1.3+deb7u1_amd64.deb
 cd8a14a8a7f6450988b8d261c4fbca9a1060517d 261050 libvorbis-dbg_1.3.2-1.3+deb7u1_amd64.deb
Checksums-Sha256:
 ebab1c10376395839a9b22e5dbf159626309b0022921027fe7548d85c5e37c40 1743 libvorbis_1.3.2-1.3+deb7u1.dsc
 eeb4dcada143846dfba760d982954a02f82e08845cbc33871f5dac547b8b6124 1483719 libvorbis_1.3.2.orig.tar.gz
 038bc0c4301dc05dd1a0a11ae17554193c457664edefa46306d6bad44d74a207 10808 libvorbis_1.3.2-1.3+deb7u1.diff.gz
 bac1b77ad291a9e1ec191168f6e7a26c20eb5c5b3c791014a8113b8f25f24061 110238 libvorbis0a_1.3.2-1.3+deb7u1_amd64.deb
 21b8ac2486aeca62dc52183080c5819b767b3ca9fbdbb6fdd48b4682590a5458 145218 libvorbisenc2_1.3.2-1.3+deb7u1_amd64.deb
 878dde48da3448b9017ff0d3db5ca8df4bf09f7eec917ce21f6988487c852252 25604 libvorbisfile3_1.3.2-1.3+deb7u1_amd64.deb
 4595f82311f94e173e9631984b3a9bdd2f177b8fa4d43c82f2b919541b712872 479786 libvorbis-dev_1.3.2-1.3+deb7u1_amd64.deb
 e37a275a877d140a3d1b206d2e4750e87976a429c889755a72c5ad6c24b0e86f 261050 libvorbis-dbg_1.3.2-1.3+deb7u1_amd64.deb
Files:
 7d619c39b23299acc8ab14d119368f4f 1743 libs optional libvorbis_1.3.2-1.3+deb7u1.dsc
 c870b9bd5858a0ecb5275c14486d9554 1483719 libs optional libvorbis_1.3.2.orig.tar.gz
 044a9c9cf809d4bb091146136e592866 10808 libs optional libvorbis_1.3.2-1.3+deb7u1.diff.gz
 9a7eab1eeb727ebbe86f572d63568e58 110238 libs optional libvorbis0a_1.3.2-1.3+deb7u1_amd64.deb
 8fbc160ef16a7dd4fb80746a8dba3205 145218 libs optional libvorbisenc2_1.3.2-1.3+deb7u1_amd64.deb
 94c04c5af45972c303d0992c2771b993 25604 libs optional libvorbisfile3_1.3.2-1.3+deb7u1_amd64.deb
 db6bf2778c0f9abedb8996f43478db19 479786 libdevel optional libvorbis-dev_1.3.2-1.3+deb7u1_amd64.deb
 c079668aa9bd12cba2881e86054a6df7 261050 debug extra libvorbis-dbg_1.3.2-1.3+deb7u1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEexZCBNCWcjsBljWrPqHd3bJh2XsFAlrmb9oACgkQPqHd3bJh
2XtDtQgAkuSKFmpvOLUbPRSUYTwn3qlxG+syHag9VIglpMbJ5LVboSs/EPu6XLIr
HqeRuQUjjKFQzmVXMvjuL3Eyn+ZsmjTvHmNLZqCE0+bMOf/R6Prq6Gd9T0BKy35E
fueq/xpXnCCtz9XkOSd8iugDYOkAxHwURsuwmrixRB2RMCBVoxBGe6vx7QDJUIE9
Z/nVtaWf9IAREbatTXGBuxdm2Nhy292O937hfPhfl8wL7tKNNAwDXwKFU9avdxax
zHJlZPyHB/23kYoVtnvMW9e+wCgPdqs2kFq1D2BYiFmWuKgEUvEweKrk064dHK4b
qDS5NPXhoqqLRhQDfhhw+7aKAljN2A==
=nzxv
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: Accepted slurm-llnl 2.3.4-2+deb7u2 (source amd64 all) into oldoldstable
Previous by thread: Accepted slurm-llnl 2.3.4-2+deb7u2 (source amd64 all) into oldoldstable
Index(es):
- Date
- Thread