Author: Petter Reinholdtsen
Revision Date: 2014-11-03 09:08:25 UTC

[ Martin Steghöfer ]
Add sampling rate sanity check to avoid invalid memory access.
(Closes: #716613)

Author: Petter Reinholdtsen
Revision Date: 2014-11-03 09:08:25 UTC

[ Martin Steghöfer ]
Add sampling rate sanity check to avoid invalid memory access.
(Closes: #716613)

Author: Petter Reinholdtsen
Revision Date: 2014-11-03 09:08:25 UTC

[ Martin Steghöfer ]
Add sampling rate sanity check to avoid invalid memory access.
(Closes: #716613)

Author: Manuel A. Fernandez Montecelo
Revision Date: 2014-05-21 23:47:10 UTC

* Non-maintainer upload.
* Build-Depends on dh-autoreconf and use it in rules for
  config.{guess,sub} (Closes: #744722)

Author: Manuel A. Fernandez Montecelo
Revision Date: 2014-05-21 23:47:10 UTC

* Non-maintainer upload.
* Build-Depends on dh-autoreconf and use it in rules for
  config.{guess,sub} (Closes: #744722)

Author: William Grant
Revision Date: 2013-12-15 06:13:02 UTC

Use dh-autoreconf for new libtool.

Author: William Grant
Revision Date: 2013-12-15 06:13:02 UTC

Use dh-autoreconf for new libtool.

Author: Riku Voipio
Revision Date: 2012-05-07 14:53:26 UTC

* Non-maintainer upload to fix release goals
* Convert to Multi-Arch, closes: #637578 (Thanks, Steve Langasek)
* Remove .la file dependencies, closes: #633339

Author: Riku Voipio
Revision Date: 2012-05-07 14:53:26 UTC

* Non-maintainer upload to fix release goals
* Convert to Multi-Arch, closes: #637578 (Thanks, Steve Langasek)
* Remove .la file dependencies, closes: #633339

Author: Riku Voipio
Revision Date: 2012-05-07 14:53:26 UTC

* Non-maintainer upload to fix release goals
* Convert to Multi-Arch, closes: #637578 (Thanks, Steve Langasek)
* Remove .la file dependencies, closes: #633339

Author: Marc Deslauriers
Revision Date: 2012-02-17 13:51:00 UTC

* SECURITY UPDATE: denial of service and possible code execution
  - lib/floor1.c: validate count.
  - https://trac.xiph.org/changeset/18151
  - CVE-2012-0444

Author: Marc Deslauriers
Revision Date: 2012-02-17 15:19:38 UTC

* SECURITY UPDATE: denial of service and possible code execution
  - lib/floor1.c: validate count.
  - https://trac.xiph.org/changeset/18151
  - CVE-2012-0444

Author: Marc Deslauriers
Revision Date: 2012-02-17 15:29:02 UTC

* SECURITY UPDATE: denial of service and possible code execution
  - lib/floor1.c: validate count.
  - https://trac.xiph.org/changeset/18151
  - CVE-2012-0444

Author: Marc Deslauriers
Revision Date: 2012-02-17 15:33:12 UTC

* SECURITY UPDATE: denial of service and possible code execution
  - debian/patches/CVE-2012-0444.patch: validate count in lib/floor1.c.
  - CVE-2012-0444

Author: Marc Deslauriers
Revision Date: 2012-02-17 13:51:00 UTC

* SECURITY UPDATE: denial of service and possible code execution
  - lib/floor1.c: validate count.
  - https://trac.xiph.org/changeset/18151
  - CVE-2012-0444

Author: Marc Deslauriers
Revision Date: 2012-02-17 15:19:38 UTC

* SECURITY UPDATE: denial of service and possible code execution
  - lib/floor1.c: validate count.
  - https://trac.xiph.org/changeset/18151
  - CVE-2012-0444

Author: Marc Deslauriers
Revision Date: 2012-02-17 15:29:02 UTC

* SECURITY UPDATE: denial of service and possible code execution
  - lib/floor1.c: validate count.
  - https://trac.xiph.org/changeset/18151
  - CVE-2012-0444

Author: Marc Deslauriers
Revision Date: 2012-02-17 15:33:12 UTC

* SECURITY UPDATE: denial of service and possible code execution
  - debian/patches/CVE-2012-0444.patch: validate count in lib/floor1.c.
  - CVE-2012-0444

Author: Marc Deslauriers
Revision Date: 2012-02-17 13:51:00 UTC

* SECURITY UPDATE: denial of service and possible code execution
  - lib/floor1.c: validate count.
  - https://trac.xiph.org/changeset/18151
  - CVE-2012-0444

Author: Steve Langasek
Revision Date: 2011-08-12 18:54:40 UTC

releasing version 1.3.2-1ubuntu2

Author: Steve Langasek
Revision Date: 2011-08-12 17:02:26 UTC

Build for multiarch. LP: #825342.

Author: Artem Popov
Revision Date: 2011-02-19 18:41:36 UTC

* Merge from debian unstable (LP: #722036). Remaining changes:
  - Fix build failure with DSO link changes.

Author: John Ferlito
Revision Date: 2010-03-26 19:10:35 UTC

* New upstream release.
  - Please package new upstream version 1.3.1. (Closes: #575676)
  - libvorbis: additional CVE-2009-3379 security fixes. (Closes: #573562)
  - libvorbis0a: Incorrect encoding on powerpc. (Closes: #549899)
  - FTBFS with binutils-gold. (Closes: #555383)

Author: Marc Deslauriers
Revision Date: 2010-02-26 10:22:23 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  multiple vulnerabilities
  - debian/patches/CVE-2009-3379.patch: add a couple of missing commits:
    eliminate blocklist overflow in lib/backends.h, don't allow codeword
    lengths longer than 32 bits in lib/codebook.c.
  - CVE-2009-3379
* debian/rules, debian/control: add quilt patch system

Author: Marc Deslauriers
Revision Date: 2009-11-12 15:02:17 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  multiple vulnerabilities
  - debian/patches/CVE-2009-3379.patch: Don't try to read past the end of
    the comment packet if the string lengths are corrupt in lib/info.c,
    check for premature EOP in lib/res0.c, implement hardening in
    lib/{codebook,floor1,info,mapping0}.c, eliminate blocklist overflow
    in lib/backends.h, don't allow codeword lengths longer than 32 bits
    in lib/codebook.c.
  - CVE-2009-3379
* SECURITY UPDATE: code execution via heap overflow in residue partition
  value (LP: #232150)
  - debian/patches/CVE-2008-1420-2.patch: add additional checks to fix
    issue, but still maintain backwards compatibility in lib/res0.c,
    lib/modes/{residue_44u,residue_44}.h, lib/backends.h.
  - CVE-2008-1420

Author: Marc Deslauriers
Revision Date: 2009-11-13 09:11:02 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  multiple vulnerabilities
  - debian/patches/CVE-2009-3379.patch: Don't try to read past the end of
    the comment packet if the string lengths are corrupt in lib/info.c,
    check for premature EOP in lib/res0.c, implement hardening in
    lib/{codebook,floor1,info,mapping0}.c, eliminate blocklist overflow
    in lib/backends.h, don't allow codeword lengths longer than 32 bits
    in lib/codebook.c.
  - CVE-2009-3379
* SECURITY UPDATE: denial of service via underpopulated Huffman trees
  - debian/patches/upstream-r14811_huffman_sanity_checks.diff: add
    additional checking to the hufftree decoding in lib/block.c,
    examples/decoder_example.c, lib/sharedbook.c.
  - CVE-2008-2009
* SECURITY UPDATE: code execution via heap overflow in residue partition
  value (LP: #232150)
  - debian/patches/CVE-2008-1420-2.patch: add additional checks to fix
    issue, but still maintain backwards compatibility in lib/res0.c,
    lib/modes/{residue_44u,residue_44}.h, lib/backends.h.
  - CVE-2008-1420

Author: Marc Deslauriers
Revision Date: 2009-11-13 09:42:51 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  multiple vulnerabilities
  - debian/patches/CVE-2009-3379.patch: Don't try to read past the end of
    the comment packet if the string lengths are corrupt in lib/info.c,
    check for premature EOP in lib/res0.c, implement hardening in
    lib/{codebook,floor1,info,mapping0}.c, eliminate blocklist overflow
    in lib/backends.h, don't allow codeword lengths longer than 32 bits
    in lib/codebook.c.
  - CVE-2009-3379
* SECURITY UPDATE: denial of service via underpopulated Huffman trees
  - debian/patches/upstream-r14811_huffman_sanity_checks.diff: add
    additional checking to the hufftree decoding in lib/block.c,
    examples/decoder_example.c, lib/sharedbook.c.
  - CVE-2008-2009
* SECURITY UPDATE: code execution via heap overflow in residue partition
  value (LP: #232150)
  - debian/patches/CVE-2008-1420-2.patch: add additional checks to fix
    issue, but still maintain backwards compatibility in lib/res0.c,
    lib/modes/{residue_44u,residue_44}.h, lib/backends.h.
  - CVE-2008-1420

Author: Marc Deslauriers
Revision Date: 2009-11-12 15:02:17 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  multiple vulnerabilities
  - debian/patches/CVE-2009-3379.patch: Don't try to read past the end of
    the comment packet if the string lengths are corrupt in lib/info.c,
    check for premature EOP in lib/res0.c, implement hardening in
    lib/{codebook,floor1,info,mapping0}.c, eliminate blocklist overflow
    in lib/backends.h, don't allow codeword lengths longer than 32 bits
    in lib/codebook.c.
  - CVE-2009-3379
* SECURITY UPDATE: code execution via heap overflow in residue partition
  value (LP: #232150)
  - debian/patches/CVE-2008-1420-2.patch: add additional checks to fix
    issue, but still maintain backwards compatibility in lib/res0.c,
    lib/modes/{residue_44u,residue_44}.h, lib/backends.h.
  - CVE-2008-1420

Author: Marc Deslauriers
Revision Date: 2009-11-13 09:53:56 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  multiple vulnerabilities
  - debian/patches/CVE-2009-3379.patch: Don't try to read past the end of
    the comment packet if the string lengths are corrupt in lib/info.c,
    check for premature EOP in lib/res0.c, implement hardening in
    lib/{codebook,floor1,info,mapping0}.c, eliminate blocklist overflow
    in lib/backends.h, don't allow codeword lengths longer than 32 bits
    in lib/codebook.c.
  - CVE-2009-3379
* SECURITY UPDATE: denial of service via underpopulated Huffman trees
  - debian/patches/upstream-r14811_huffman_sanity_checks.diff: add
    additional checking to the hufftree decoding in lib/block.c,
    examples/decoder_example.c, lib/sharedbook.c.
  - CVE-2008-2009
* SECURITY UPDATE: code execution via heap overflow in residue partition
  value (LP: #232150)
  - debian/patches/CVE-2008-1420-2.patch: add additional checks to fix
    issue, but still maintain backwards compatibility in lib/res0.c,
    lib/modes/{residue_44u,residue_44}.h, lib/backends.h.
  - CVE-2008-1420

Author: Peter Samuelson
Revision Date: 2009-08-10 23:11:11 UTC

* Fix CVE-2009-2663: two bugs in libvorbis that allowed a crafted ogg
  file to corrupt memory. (Closes: #540958)
* patches/CVE-2008-1420.patch: fix a regression playing files generated
  by 1.0b1, from upstream trunk. Thanks Michael Gold. (Closes: #504421)

Author: Marc Deslauriers
Revision Date: 2009-11-13 09:11:02 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  multiple vulnerabilities
  - debian/patches/CVE-2009-3379.patch: Don't try to read past the end of
    the comment packet if the string lengths are corrupt in lib/info.c,
    check for premature EOP in lib/res0.c, implement hardening in
    lib/{codebook,floor1,info,mapping0}.c, eliminate blocklist overflow
    in lib/backends.h, don't allow codeword lengths longer than 32 bits
    in lib/codebook.c.
  - CVE-2009-3379
* SECURITY UPDATE: denial of service via underpopulated Huffman trees
  - debian/patches/upstream-r14811_huffman_sanity_checks.diff: add
    additional checking to the hufftree decoding in lib/block.c,
    examples/decoder_example.c, lib/sharedbook.c.
  - CVE-2008-2009
* SECURITY UPDATE: code execution via heap overflow in residue partition
  value (LP: #232150)
  - debian/patches/CVE-2008-1420-2.patch: add additional checks to fix
    issue, but still maintain backwards compatibility in lib/res0.c,
    lib/modes/{residue_44u,residue_44}.h, lib/backends.h.
  - CVE-2008-1420

Author: Marc Deslauriers
Revision Date: 2008-11-26 10:20:38 UTC

* SECURITY UPDATE: crash or integer overflow with codebook.dim zero
  value (LP: #232150)
  - debian/patches/CVE-2008-1423+CVE-2008-1419.patch: make sure value of
    codebook.dim is not zero in lib/codebook.c
  - CVE-2008-1419
* SECURITY UPDATE: code execution via heap overflow in residue partition
  value (LP: #232150)
  - debian/patches/CVE-2008-1420.patch: verify the phrasebook is not
    specifying an impossible or inconsistent partitioning scheme in
    lib/res0.c
  - CVE-2008-1420
* SECURITY UPDATE: code execution via heap overflow in a quantvals and
  quantlist calculation (LP: #232150)
  - debian/patches/CVE-2008-1423+CVE-2008-1419.patch: add check for
    absurdly huge codebooks in lib/codebook.c
  - CVE-2008-1423

Author: Steffen Joeris
Revision Date: 2008-05-26 12:48:06 UTC

* Non-maintainer upload by the security team
* Fix integer overflows (and possible DoS attacks) via crafted
  OGG files (Closes: #482518)
  Fixes: CVE-2008-1423, CVE-2008-1420, CVE-2008-1419

Author: Marc Deslauriers
Revision Date: 2009-11-13 09:42:51 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  multiple vulnerabilities
  - debian/patches/CVE-2009-3379.patch: Don't try to read past the end of
    the comment packet if the string lengths are corrupt in lib/info.c,
    check for premature EOP in lib/res0.c, implement hardening in
    lib/{codebook,floor1,info,mapping0}.c, eliminate blocklist overflow
    in lib/backends.h, don't allow codeword lengths longer than 32 bits
    in lib/codebook.c.
  - CVE-2009-3379
* SECURITY UPDATE: denial of service via underpopulated Huffman trees
  - debian/patches/upstream-r14811_huffman_sanity_checks.diff: add
    additional checking to the hufftree decoding in lib/block.c,
    examples/decoder_example.c, lib/sharedbook.c.
  - CVE-2008-2009
* SECURITY UPDATE: code execution via heap overflow in residue partition
  value (LP: #232150)
  - debian/patches/CVE-2008-1420-2.patch: add additional checks to fix
    issue, but still maintain backwards compatibility in lib/res0.c,
    lib/modes/{residue_44u,residue_44}.h, lib/backends.h.
  - CVE-2008-1420

Author: Steffen Joeris
Revision Date: 2008-05-26 12:48:06 UTC

* Non-maintainer upload by the security team
* Fix integer overflows (and possible DoS attacks) via crafted
  OGG files (Closes: #482518)
  Fixes: CVE-2008-1423, CVE-2008-1420, CVE-2008-1419

Author: Marc Deslauriers
Revision Date: 2009-11-13 09:53:56 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  multiple vulnerabilities
  - debian/patches/CVE-2009-3379.patch: Don't try to read past the end of
    the comment packet if the string lengths are corrupt in lib/info.c,
    check for premature EOP in lib/res0.c, implement hardening in
    lib/{codebook,floor1,info,mapping0}.c, eliminate blocklist overflow
    in lib/backends.h, don't allow codeword lengths longer than 32 bits
    in lib/codebook.c.
  - CVE-2009-3379
* SECURITY UPDATE: denial of service via underpopulated Huffman trees
  - debian/patches/upstream-r14811_huffman_sanity_checks.diff: add
    additional checking to the hufftree decoding in lib/block.c,
    examples/decoder_example.c, lib/sharedbook.c.
  - CVE-2008-2009
* SECURITY UPDATE: code execution via heap overflow in residue partition
  value (LP: #232150)
  - debian/patches/CVE-2008-1420-2.patch: add additional checks to fix
    issue, but still maintain backwards compatibility in lib/res0.c,
    lib/modes/{residue_44u,residue_44}.h, lib/backends.h.
  - CVE-2008-1420

Author: Dato Simó
Revision Date: 2007-08-14 20:55:54 UTC

Bump shlibs for libvorbis0a due to new vorbis_synthesis_idheader header.
(Closes: #436083)

Author: Marc Deslauriers
Revision Date: 2008-11-26 10:20:38 UTC

* SECURITY UPDATE: crash or integer overflow with codebook.dim zero
  value (LP: #232150)
  - debian/patches/CVE-2008-1423+CVE-2008-1419.patch: make sure value of
    codebook.dim is not zero in lib/codebook.c
  - CVE-2008-1419
* SECURITY UPDATE: code execution via heap overflow in residue partition
  value (LP: #232150)
  - debian/patches/CVE-2008-1420.patch: verify the phrasebook is not
    specifying an impossible or inconsistent partitioning scheme in
    lib/res0.c
  - CVE-2008-1420
* SECURITY UPDATE: code execution via heap overflow in a quantvals and
  quantlist calculation (LP: #232150)
  - debian/patches/CVE-2008-1423+CVE-2008-1419.patch: add check for
    absurdly huge codebooks in lib/codebook.c
  - CVE-2008-1423

Author: Clint Adams
Revision Date: 2007-07-27 02:57:44 UTC

[ Adeodato Simó ]
* Use ${binary:Version} instead of ${Source-Version}.

[ Clint Adams ]
* New upstream release.
  - Remove upstream_r13198-fix_segfault_in_ov_time_seek.diff .
* Bump shlibs for libvorbisfile3 to >= 1.2.0 due to new ov_fopen
  function.

Author: Kees Cook
Revision Date: 2007-08-15 14:05:07 UTC

* SECURITY UPDATE: arbitrary code execution via heap overflow
* Add 100_heap_execution.patch: backported upstream changes from 1.2.0.
* References
  CVE-2007-3106
  CVE-2007-4029

Author: Kees Cook
Revision Date: 2007-08-15 14:05:07 UTC

* SECURITY UPDATE: arbitrary code execution via heap overflow
* Add 100_heap_execution.patch: backported upstream changes from 1.2.0.
* References
  CVE-2007-3106
  CVE-2007-4029

Author: Marc Deslauriers
Revision Date: 2008-11-26 09:14:38 UTC

* SECURITY UPDATE: crash or integer overflow with codebook.dim zero
  value (LP: #232150)
  - lib/codebook.c: make sure value of codebook.dim is not zero
  - https://trac.xiph.org/changeset/14602
  - CVE-2008-1419
* SECURITY UPDATE: code execution via heap overflow in residue partition
  value (LP: #232150)
  - lib/res0.c: verify the phrasebook is not specifying an impossible or
    inconsistent partitioning scheme
  - https://trac.xiph.org/changeset/14598
  - CVE-2008-1420
* SECURITY UPDATE: code execution via heap overflow in a quantvals and
  quantlist calculation (LP: #232150)
  - lib/codebook.c: add check for absurdly huge codebooks
  - https://trac.xiph.org/changeset/14604
  - CVE-2008-1423
* Sync rest of patchset with debian package for additional misc security
  fixes and validations
  - http://patch-tracking.debian.net/package/libvorbis/1.1.2.dfsg-1.4

Author: Joey Hess
Revision Date: 2006-10-24 19:55:19 UTC

Fix shlibs files for libvorbisenc and libvorbisfile, which were broken
by my first NMU to have dependencies for libvorbis0a. Closes: #395048

Author: Kees Cook
Revision Date: 2007-08-15 16:32:29 UTC

* SECURITY UPDATE: arbitrary code execution via heap overflow
* Add 100_heap_execution.patch: backported upstream changes from 1.2.0.
* References
  CVE-2007-3106
  CVE-2007-4029

Author: Kees Cook
Revision Date: 2007-08-15 16:32:29 UTC

* SECURITY UPDATE: arbitrary code execution via heap overflow
* Add 100_heap_execution.patch: backported upstream changes from 1.2.0.
* References
  CVE-2007-3106
  CVE-2007-4029

Author: Sebastian Dröge
Revision Date: 2006-06-30 16:23:49 UTC

* Sync with Debian
* No remaining Ubuntu changes but different tarballs

Author: Marc Deslauriers
Revision Date: 2008-11-26 09:14:38 UTC

* SECURITY UPDATE: crash or integer overflow with codebook.dim zero
  value (LP: #232150)
  - lib/codebook.c: make sure value of codebook.dim is not zero
  - https://trac.xiph.org/changeset/14602
  - CVE-2008-1419
* SECURITY UPDATE: code execution via heap overflow in residue partition
  value (LP: #232150)
  - lib/res0.c: verify the phrasebook is not specifying an impossible or
    inconsistent partitioning scheme
  - https://trac.xiph.org/changeset/14598
  - CVE-2008-1420
* SECURITY UPDATE: code execution via heap overflow in a quantvals and
  quantlist calculation (LP: #232150)
  - lib/codebook.c: add check for absurdly huge codebooks
  - https://trac.xiph.org/changeset/14604
  - CVE-2008-1423
* Sync rest of patchset with debian package for additional misc security
  fixes and validations
  - http://patch-tracking.debian.net/package/libvorbis/1.1.2.dfsg-1.4

Author: Fabio Massimo Di Nitto
Revision Date: 2006-05-02 14:01:50 UTC

Fix error in debian/rules and as a consequence FTBFS.

Author: Matthias Klose
Revision Date: 2005-07-21 23:24:00 UTC

Build using GCC 3.4. Addresses Ubuntu 12722.

Author: Chris Cheney
Revision Date: 2003-12-09 01:00:00 UTC

* New upstream.
* Improved descriptions. (Closes: #166649)
* Updated DEB_BUILD_OPTIONS support. (Closes: #188464)

Author: Chris Cheney
Revision Date: 2003-12-09 01:00:00 UTC

* New upstream.
* Improved descriptions. (Closes: #166649)
* Updated DEB_BUILD_OPTIONS support. (Closes: #188464)