Wheezy update of vorbis-tools for CVE-2015-6749
Petter Reinholdtsen
pere at hungry.com
Sun Jul 2 22:50:45 UTC 2017
[Petter Reinholdtsen]
> Thank you. I'm building and testing in wheezy at the moment, and will
> upload when I am done. I would be very happy if someone else took the
> bookkeeping.
I'm not quite sure if the CVE tracker should be updated like this for
LTS entries or not. Perhaps someone who know can update it if that is
the right thing to do?
Index: list
===================================================================
--- list (revision 53134)
+++ list (working copy)
@@ -66164,7 +66164,7 @@
{DLA-317-1}
- vorbis-tools 1.4.0-7 (bug #797461)
[jessie] - vorbis-tools 1.4.0-6+deb8u1
- [wheezy] - vorbis-tools <no-dsa> (Minor issue)
+ [wheezy] - vorbis-tools 1.4.0-1+deb7u1 (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2015/08/29/1
NOTE: https://trac.xiph.org/ticket/2212
CVE-2015-6741
@@ -82720,6 +82720,7 @@
{DLA-317-1}
- vorbis-tools 1.4.0-7 (unimportant; bug #776086)
[jessie] - vorbis-tools 1.4.0-6+deb8u1
+ [wheezy] - vorbis-tools 1.4.0-1+deb7u1
- opus-tools 0.1.10-1 (unimportant; bug #780160)
NOTE: https://trac.xiph.org/ticket/2137
NOTE: Fixed by: https://github.com/mark4o/opus-tools/commit/8c412e619b83eb6dd32191909cf6672e93e5802e
@@ -82729,7 +82730,7 @@
{DLA-317-1}
- vorbis-tools 1.4.0-7 (low; bug #776086)
[jessie] - vorbis-tools 1.4.0-6+deb8u1
- [wheezy] - vorbis-tools <no-dsa> (Minor issue)
+ [wheezy] - vorbis-tools 1.4.0-1+deb7u1
[squeeze] - vorbis-tools <no-dsa> (Minor issue)
- opus-tools 0.1.10-1 (bug #780160)
[jessie] - opus-tools <no-dsa> (Minor issue)
@@ -82740,7 +82741,7 @@
CVE-2014-9640 (oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause ...)
{DLA-317-1}
- vorbis-tools 1.4.0-6 (bug #771363)
- [wheezy] - vorbis-tools <no-dsa> (Minor issue)
+ [wheezy] - vorbis-tools 1.4.0-1+deb7u1
[squeeze] - vorbis-tools <no-dsa> (Minor issue)
NOTE: https://trac.xiph.org/ticket/2009
NOTE: Upstream fix: https://trac.xiph.org/changeset/19117
--
Happy hacking
Petter Reinholdtsen
More information about the pkg-xiph-maint
mailing list