[libvorbis] 05/05: releasing package libvorbis version 1.3.6-1

[Petter Reinholdtsen]

This is an automated email from the git hooks/post-receive script.

pere pushed a commit to annotated tag debian/1.3.6-1
in repository libvorbis.

commit 875032efc5bb8fc074e655f41a6f3eaa06cad95a
Author: Petter Reinholdtsen <pere at hungry.com>
Date:   Thu Mar 22 08:27:30 2018 +0100

    releasing package libvorbis version 1.3.6-1
---
 debian/changelog | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 47ee802..fc05833 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,23 @@
+libvorbis (1.3.6-1) unstable; urgency=medium
+
+  * Add more used CPE strings to d/upstream/metadata.
+  * Fix typo in patch description.  Thanks lintian.
+  * Updated Standards-Version from 3.9.8 to 4.1.3.
+  * Changed debhelper compat level from 9 to  10.
+  * Remove no longer needed Testsuite header from d/control.
+  * Drop binary package libvorbis-dbg.  Use automatically generated dbgsym
+    package instead.
+  * New upstream version 1.3.6.
+    - Fixes CVE-2018-5146 - out-of-bounds write on codebook decoding.
+    - Fixes CVE-2017-14632 - free() on uninitialized data
+    - Fixes CVE-2017-14633/CVE-2017-14633 - out-of-bounds read (Closes: 870341)
+    - Removed obsolete patches
+      CVE-2017-14633-Don-t-allow-for-more-than-256-channels.patch,
+      CVE-2017-14632-vorbis_analysis_header_out-Don-t-clear-opb.patch and
+      CVE-2018-5146-Prevent-out-of-bounds-write-in-codeboo.patch.
+
+ -- Petter Reinholdtsen <pere at debian.org>  Thu, 22 Mar 2018 08:22:56 +0100
+
 libvorbis (1.3.5-4.2) unstable; urgency=medium
 
   * Non-maintainer upload.

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-xiph/libvorbis.git