← Back to branch summary

~ubuntu-branches/ubuntu/trusty/mp3gain/trusty

~ubuntu-branches/ubuntu/trusty/mp3gain/trusty

Viewing all changes in revision 16.

Committer: Package Import Robot
Author(s): Simon McVittie
Date: 2014-03-19 09:24:09 UTC
Revision ID: package-import@ubuntu.com-20140319092409-1u7ykj7e9jy1pf6a

Tags: 1.5.2-r2-6

http://bugs.debian.org/740268

* Add various patches from Daniel Kobras' mpg123 packaging to fix
  buffer overflows in the embedded copy/fork of mpglib
  - CVE-2003-0577 (originally #201698 in mpg123)
  - CVE-2004-0805 (originally #270542 in mpg123)
  - CVE-2004-0991
  - CVE-2006-1655 (originally #361863 in mpg123)
  (Closes: #740268, hopefully)
* debian/patches/*.diff: adjust so gbp-pq can import all of them
* debian/patches/*.diff: update Sourceforge bug URLs to new layout
  (but keep the old versions for posterity)

files added:
.pc/0011-CVE-2004-0805-layer2.c-fix-buffer-overflow-in-layer2.patch

.pc/0011-CVE-2004-0805-layer2.c-fix-buffer-overflow-in-layer2.patch/mpglibDBL

.pc/0011-CVE-2004-0805-layer2.c-fix-buffer-overflow-in-layer2.patch/mpglibDBL/layer2.c

.pc/0012-CVE-2006-1655-fix-heap-overflow-in-layer3.c-III_anti.patch

.pc/0012-CVE-2006-1655-fix-heap-overflow-in-layer3.c-III_anti.patch/mpglibDBL

.pc/0012-CVE-2006-1655-fix-heap-overflow-in-layer3.c-III_anti.patch/mpglibDBL/layer3.c

.pc/0013-CVE-2004-0991-fix-insufficient-validation-of-MPEG-he.patch

.pc/0013-CVE-2004-0991-fix-insufficient-validation-of-MPEG-he.patch/mpglibDBL

.pc/0013-CVE-2004-0991-fix-insufficient-validation-of-MPEG-he.patch/mpglibDBL/layer2.c

.pc/0014-CVE-2004-0991-copy-frame-size-checking-from-mpg123-0.patch

.pc/0014-CVE-2004-0991-copy-frame-size-checking-from-mpg123-0.patch/mpglibDBL

.pc/0014-CVE-2004-0991-copy-frame-size-checking-from-mpg123-0.patch/mpglibDBL/common.c

.pc/0015-CVE-2003-0577-common.c-0000-is-also-an-invalid-bit-r.patch

.pc/0015-CVE-2003-0577-common.c-0000-is-also-an-invalid-bit-r.patch/mpglibDBL

.pc/0015-CVE-2003-0577-common.c-0000-is-also-an-invalid-bit-r.patch/mpglibDBL/common.c

.pc/0016-Increase-MAXFRAMESIZE-to-3456-bytes-which-is-much-cl.patch

.pc/0016-Increase-MAXFRAMESIZE-to-3456-bytes-which-is-much-cl.patch/mpglibDBL

.pc/0016-Increase-MAXFRAMESIZE-to-3456-bytes-which-is-much-cl.patch/mpglibDBL/mpg123.h

debian/patches/0011-CVE-2004-0805-layer2.c-fix-buffer-overflow-in-layer2.patch

debian/patches/0012-CVE-2006-1655-fix-heap-overflow-in-layer3.c-III_anti.patch

debian/patches/0013-CVE-2004-0991-fix-insufficient-validation-of-MPEG-he.patch

debian/patches/0014-CVE-2004-0991-copy-frame-size-checking-from-mpg123-0.patch

debian/patches/0015-CVE-2003-0577-common.c-0000-is-also-an-invalid-bit-r.patch

debian/patches/0016-Increase-MAXFRAMESIZE-to-3456-bytes-which-is-much-cl.patch

files modified:
.pc/applied-patches

debian/changelog

debian/patches/02_correct_errorcode_on_failure.diff

debian/patches/03_use_tempfile_by_default.diff

debian/patches/05_fix_segfault_when_files_not_writable.diff

debian/patches/06_fix_overwrite_query_loop.diff

debian/patches/08_trailingspace.diff

debian/patches/09_fix_mem_leaks.diff

debian/patches/10_fix_potential_segfaults.diff

debian/patches/11_txxx.diff

debian/patches/12_force_update.diff

debian/patches/13_constant_expr.diff

debian/patches/series

mpglibDBL/common.c

mpglibDBL/layer2.c

mpglibDBL/layer3.c

mpglibDBL/mpg123.h

Show diffs side-by-side

added added

removed removed

.pc/0011-CVE-2004-0805-layer2.c-fix-buffer-overflow-in-layer2.patch/

.pc/0011-CVE-2004-0805-layer2.c-fix-buffer-overflow-in-layer2.patch/mpglibDBL/

.pc/0011-CVE-2004-0805-layer2.c-fix-buffer-overflow-in-layer2.patch/mpglibDBL/layer2.c

.pc/0012-CVE-2006-1655-fix-heap-overflow-in-layer3.c-III_anti.patch/

.pc/0012-CVE-2006-1655-fix-heap-overflow-in-layer3.c-III_anti.patch/mpglibDBL/

.pc/0012-CVE-2006-1655-fix-heap-overflow-in-layer3.c-III_anti.patch/mpglibDBL/layer3.c

.pc/0013-CVE-2004-0991-fix-insufficient-validation-of-MPEG-he.patch/

.pc/0013-CVE-2004-0991-fix-insufficient-validation-of-MPEG-he.patch/mpglibDBL/

.pc/0013-CVE-2004-0991-fix-insufficient-validation-of-MPEG-he.patch/mpglibDBL/layer2.c

.pc/0014-CVE-2004-0991-copy-frame-size-checking-from-mpg123-0.patch/

.pc/0014-CVE-2004-0991-copy-frame-size-checking-from-mpg123-0.patch/mpglibDBL/

.pc/0014-CVE-2004-0991-copy-frame-size-checking-from-mpg123-0.patch/mpglibDBL/common.c

.pc/0015-CVE-2003-0577-common.c-0000-is-also-an-invalid-bit-r.patch/

.pc/0015-CVE-2003-0577-common.c-0000-is-also-an-invalid-bit-r.patch/mpglibDBL/

.pc/0015-CVE-2003-0577-common.c-0000-is-also-an-invalid-bit-r.patch/mpglibDBL/common.c

.pc/0016-Increase-MAXFRAMESIZE-to-3456-bytes-which-is-much-cl.patch/

.pc/0016-Increase-MAXFRAMESIZE-to-3456-bytes-which-is-much-cl.patch/mpglibDBL/

.pc/0016-Increase-MAXFRAMESIZE-to-3456-bytes-which-is-much-cl.patch/mpglibDBL/mpg123.h

.pc/applied-patches

debian/changelog

debian/patches/0011-CVE-2004-0805-layer2.c-fix-buffer-overflow-in-layer2.patch

debian/patches/0012-CVE-2006-1655-fix-heap-overflow-in-layer3.c-III_anti.patch

debian/patches/0013-CVE-2004-0991-fix-insufficient-validation-of-MPEG-he.patch

debian/patches/0014-CVE-2004-0991-copy-frame-size-checking-from-mpg123-0.patch

debian/patches/0015-CVE-2003-0577-common.c-0000-is-also-an-invalid-bit-r.patch

debian/patches/0016-Increase-MAXFRAMESIZE-to-3456-bytes-which-is-much-cl.patch

debian/patches/02_correct_errorcode_on_failure.diff

debian/patches/03_use_tempfile_by_default.diff

debian/patches/05_fix_segfault_when_files_not_writable.diff

debian/patches/06_fix_overwrite_query_loop.diff

debian/patches/08_trailingspace.diff

debian/patches/09_fix_mem_leaks.diff

debian/patches/10_fix_potential_segfaults.diff

debian/patches/11_txxx.diff

debian/patches/12_force_update.diff

debian/patches/13_constant_expr.diff

debian/patches/series

mpglibDBL/common.c

mpglibDBL/layer2.c

mpglibDBL/layer3.c

mpglibDBL/mpg123.h

Older »