-
Committer:
Bazaar Package Importer
-
Author(s):
Marc Deslauriers
-
Date:
2010-04-08 09:34:05 UTC
-
Revision ID:
james.westby@ubuntu.com-20100408093405-kiufy18m0a2536ax
Tags: 4:0.5+svn20090706-2ubuntu2.1
* SECURITY UPDATE: Fix a multitude of security issues
- debian/patches/CVE-2009-46XX/security-issue03.patch: check stream
existence before assignment
- debian/patches/CVE-2009-46XX/security-issue04.patch: check submap
indexes
- debian/patches/CVE-2009-46XX/security-issue05.patch: check classbook
value
- debian/patches/CVE-2009-46XX/security-issue06.patch: add checks for
per-packet mode indexes and per-header mode mapping indexes
- debian/patches/CVE-2009-46XX/security-issue07.patch: check masterbook
index and subclass book index.
- debian/patches/CVE-2009-46XX/security-issue08.patch: check
res_setup->books
- debian/patches/CVE-2009-46XX/security-issue09.patch: check
begin/end/partition_size
- debian/patches/CVE-2009-46XX/security-issue10.patch: check validity
of channels & samplerate
- debian/patches/CVE-2009-46XX/security-issue11.patch: fix book_idx
check
- debian/patches/CVE-2009-46XX/security-issue12.patch: sanity checks
for magnitude and angle
- debian/patches/CVE-2009-46XX/security-issue13.patch: fix = -> == typo
- debian/patches/CVE-2009-46XX/security-issue14.patch: check dimensions
against 0 too
- debian/patches/CVE-2009-46XX/security-issue15.patch: fix
init_get_bits() buffer size
- debian/patches/CVE-2009-46XX/security-issue17.patch: make sure that
all memory allocations succeed
- debian/patches/CVE-2009-46XX/security-issue18.patch: fix possible
buffer over-read in vorbis_comment
- debian/patches/CVE-2009-46XX/security-issue19.patch: set data_size to
0 to avoid having it uninitialized
- debian/patches/CVE-2009-46XX/security-issue20.patch: disable parsing
for ogg streams where no ogg header was found
- debian/patches/CVE-2009-46XX/security-issue22.patch: check codec_id
and codec_type, make sure priv_data is freed and codec is set to NULL
- CVE-2009-4632
- CVE-2009-4633
- CVE-2009-4634
- CVE-2009-4635
- CVE-2009-4637
- CVE-2009-4639
- CVE-2009-4640