[libvorbis] 05/05: releasing package libvorbis version 1.3.6-1
Petter Reinholdtsen
pere at moszumanska.debian.org
Thu Mar 22 08:24:38 UTC 2018
This is an automated email from the git hooks/post-receive script.
pere pushed a commit to annotated tag debian/1.3.6-1
in repository libvorbis.
commit 875032efc5bb8fc074e655f41a6f3eaa06cad95a
Author: Petter Reinholdtsen <pere at hungry.com>
Date: Thu Mar 22 08:27:30 2018 +0100
releasing package libvorbis version 1.3.6-1
---
debian/changelog | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 47ee802..fc05833 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,23 @@
+libvorbis (1.3.6-1) unstable; urgency=medium
+
+ * Add more used CPE strings to d/upstream/metadata.
+ * Fix typo in patch description. Thanks lintian.
+ * Updated Standards-Version from 3.9.8 to 4.1.3.
+ * Changed debhelper compat level from 9 to 10.
+ * Remove no longer needed Testsuite header from d/control.
+ * Drop binary package libvorbis-dbg. Use automatically generated dbgsym
+ package instead.
+ * New upstream version 1.3.6.
+ - Fixes CVE-2018-5146 - out-of-bounds write on codebook decoding.
+ - Fixes CVE-2017-14632 - free() on uninitialized data
+ - Fixes CVE-2017-14633/CVE-2017-14633 - out-of-bounds read (Closes: 870341)
+ - Removed obsolete patches
+ CVE-2017-14633-Don-t-allow-for-more-than-256-channels.patch,
+ CVE-2017-14632-vorbis_analysis_header_out-Don-t-clear-opb.patch and
+ CVE-2018-5146-Prevent-out-of-bounds-write-in-codeboo.patch.
+
+ -- Petter Reinholdtsen <pere at debian.org> Thu, 22 Mar 2018 08:22:56 +0100
+
libvorbis (1.3.5-4.2) unstable; urgency=medium
* Non-maintainer upload.
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-xiph/libvorbis.git
More information about the pkg-xiph-commits
mailing list