Package: libvorbis / 1.3.4-2+deb8u1

Metadata

Package Version Patches format
libvorbis 1.3.4-2+deb8u1 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
0001 Fix build failure with DSO link changes.patch | (download)

test/Makefile.am | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 fix build failure with dso link changes.

Make sure to link tests with -lm to fix linker error.

0002 Avoid SIGFPE when bytespersample is zero.patch | (download)

lib/vorbisfile.c | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

 avoid sigfpe when bytespersample is zero

0003 Fix hang when loading Ogg Theora files in audacity.patch | (download)

lib/vorbisfile.c | 124 101 + 23 - 0 !
1 file changed, 101 insertions(+), 23 deletions(-)

 fix hang when loading ogg theora files in audacity

Fix hang with loading Ogg Theora files when seeking to PCM 0 by backporting
r19159 of upstream SVN, authored by Chris Montgomery.

0004 Add sampling rate sanity check to avoid invalid memo.patch | (download)

lib/vorbisenc.c | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

 add sampling rate sanity check to avoid invalid memory access.

Bug-Debian: https://bugs.debian.org/716613

Input files with sampling rate 0 are useless and can make
libvorbis access invalid memory because the logic in
_vp_psy_init (and probably other functions) isn't prepared for
it. A sanity check lets the library refuse those inputs
gracefully in the initialization functions before they can
do harm.

0005 CVE 2018 5146 Prevent out of bounds write in codeboo.patch | (download)

lib/codebook.c | 48 10 + 38 - 0 !
1 file changed, 10 insertions(+), 38 deletions(-)

 cve-2018-5146: prevent out-of-bounds write in codebook decoding.