-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 16 Mar 2018 20:53:05 +0100 Source: libvorbisidec Binary: libvorbisidec-dev libvorbisidec1 Architecture: source Version: 1.0.2+svn18153-1~deb8u2 Distribution: jessie-security Urgency: high Maintainer: Debian QA Group Changed-By: Salvatore Bonaccorso Closes: 893132 Description: libvorbisidec-dev - Integer-only Ogg Vorbis decoder, AKA "tremor" (Development Files) libvorbisidec1 - Integer-only Ogg Vorbis decoder, AKA "tremor" Changes: libvorbisidec (1.0.2+svn18153-1~deb8u2) jessie-security; urgency=high . * Non-maintainer upload by the Security Team. * Prevent out-of-bounds write in codebook decoding (CVE-2018-5147) (Closes: #893132) Checksums-Sha1: 0517002428b9ef48478f73e1e08c23171dae332a 2178 libvorbisidec_1.0.2+svn18153-1~deb8u2.dsc e1f8e5281a92029a1bb325ecb247a6d9c8bf7199 149060 libvorbisidec_1.0.2+svn18153.orig.tar.gz 58dc0b581545007184b70dda956efc47d244959c 6235 libvorbisidec_1.0.2+svn18153-1~deb8u2.diff.gz Checksums-Sha256: b451cdf36212ffc08813b6e22e138c64cf8089d862099275c6e72aaee9afc0d1 2178 libvorbisidec_1.0.2+svn18153-1~deb8u2.dsc 4dc8c224289da3479fc10ce4e49ffbb85c790eb2fe55ef480934a265ee0a6782 149060 libvorbisidec_1.0.2+svn18153.orig.tar.gz 1a66861aa4f05b12831cc4a9c629915f69d96eefbbe2dd4279c106f552860cbb 6235 libvorbisidec_1.0.2+svn18153-1~deb8u2.diff.gz Files: 82e065654ecd84b0999270bb98ffbfca 2178 libs extra libvorbisidec_1.0.2+svn18153-1~deb8u2.dsc 4190859414c5d6760e316b5cf00fe7c5 149060 libs extra libvorbisidec_1.0.2+svn18153.orig.tar.gz 6191de785fec795ae39822b597e4eae6 6235 libs extra libvorbisidec_1.0.2+svn18153-1~deb8u2.diff.gz -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlqsIXVfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89Ekf4QAI7j7vthE2R/wmnPJRFK/wxOXLfsJvZS EhJD0AuQWWqd8TWycm9L38uE7Cck4dyfNL7r+zDrfVI0gORVAv0ZBV0LK9T+iBV8 4J+hI09WgNgTCnQlr+zpt88KE+LXWx5TTXsIzC+3G83z0mo6Am1iqWQVbQ4vS5Vg +MfmgREGNOSeppvPAFFq/RtVGdFpJEMIpYQI6nc7NSwjzncJugdHpfCYDZj97UXv TCdmk6R71FqGNL2A3Dzxtoavo51rR5pjSJltaAcbHcpLxRzDBLxC1rAS0OKBkKUa 8B+a6keBcRYCjbS548unSHUloamdK1Rglxz/33kujjqE1jZmrT4z7aFJ31vibmHW 9os2plFNfarfwsUCSaNK80qqJHpQfCljl5V758jSi+NM9NsIdHnQM9euYeqPFGUQ mIflZvX6+SC5ZpYunkf2/B+ZW2ILRl+G7CxgXazn2344ntw1tL5hbP0Ot4KtFMBQ Kuh+ib2raTcSmbJ/Xj3iAck3VoM5syuFUlR4scOFVzPAKuVlAnex1wm/mXCfB2bw hDIWoh1PrRvjBzy6XUhzbP08yS8Wv0eZItlG32FyH6wnVJx0H0AEZLHYdbawnjbo smamGC7IUXvqvHIg/1OTogP//YtlX4fHs+0JvjFbBM1V0eAlrmTIahVTh8PFtCwJ MtQPPljHKnl/ =wM/s -----END PGP SIGNATURE-----