taglib-config.cmake | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 make taglib-config architecture-independent
 This allows multi-arching libtag1-dev.

ConfigureChecks.cmake | 5 5 + 0 - 0 !
taglib/CMakeLists.txt | 16 9 + 7 - 0 !
taglib/toolkit/tstring.cpp | 56 33 + 23 - 0 !
3 files changed, 47 insertions(+), 30 deletions(-)

 use libicu instead of non-free unicode files
 This patch allows getting rid of non-free, vendored files unicode.h and
 unicode.cpp. It adds a new dependency on libicu instead.

taglib/mpeg/id3v2/id3v2framefactory.cpp | 5 3 + 2 - 0 !
1 file changed, 3 insertions(+), 2 deletions(-)

---

taglib/ogg/flac/oggflacfile.cpp | 14 12 + 2 - 0 !
1 file changed, 12 insertions(+), 2 deletions(-)

 [patch] fixed oob read when loading invalid ogg flac file. (#868)
 (#869)

CVE-2018-11439 is caused by a failure to check the minimum length
of a ogg flac header. This header is detailed in full at:
https://xiph.org/flac/ogg_mapping.html. Added more strict checking
for entire header.

taglib/ogg/oggfile.cpp | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 fix possible ogg packet losses.

Bug-Debian: https://bugs.debian.org/915281