The Vorbis library
This time the packages are fairly numerous, which is not a good sign a few days before the release. The good news is that, with the exception of the packages for the Vorbis library, the others are not security updates but recommended and/or other updates, a new category added starting with Ubuntu 9.10 Karmic Koala. The latest update in this category concerns xserver-xorg-input.synaptics:
Changes for the versions:
1.2.0~ppa1~nc10~karmic
1.2.0~ppa2~nc10~karmic
The source of this change does not support changelogs.
It is up to us whether to install them or not.
Ogg Vorbis is a fully open, non-proprietary, patent-and-royalty-free, general-purpose compressed audio format for audio and music at fixed and variable bitrates from 16 to 128 kbps/channel.
The Vorbis library is the primary Ogg Vorbis library.
Changes for the versions:
1.2.0.dfsg-6
1.2.0.dfsg-6ubuntu0.1
Version 1.2.0.dfsg-6ubuntu0.1:
* SECURITY UPDATE: denial of service and possible code execution via
multiple vulnerabilities
- debian/patches/CVE-2009-3379.patch: Don't try to read past the end of
the comment packet if the string lengths are corrupt in lib/info.c,
check for premature EOP in lib/res0.c, implement hardening in
lib/{codebook,floor1,info,mapping0}.c, eliminate blocklist overflow
in lib/backends.h, don't allow codeword lengths longer than 32 bits
in lib/codebook.c.
- CVE-2009-3379
* SECURITY UPDATE: code execution via heap overflow in residue partition
value (LP: #232150)
- debian/patches/CVE-2008-1420-2.patch: add additional checks to fix
issue, but still maintain backwards compatibility in lib/res0.c,
lib/modes/{residue_44u,residue_44}.h, lib/backends.h.
- CVE-2008-1420
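The first fix listed above (not reading past the end of the comment packet when string lengths are corrupt) comes down to checking every declared length against the bytes that actually remain. The following C code is an added example, not code from libvorbis or from the Ubuntu patch; the function names and sample bytes are hypothetical, and it assumes the Vorbis comment body layout of a 32-bit little-endian vendor length, the vendor string, a comment count, then length-prefixed comments.

```c
#include <stddef.h>
#include <stdint.h>

/* Cursor over an untrusted packet body; `left` is the number of unread bytes. */
struct cursor { const uint8_t *p; size_t left; };

/* Read a 32-bit little-endian field; fails if fewer than 4 bytes remain. */
static int read_u32le(struct cursor *c, uint32_t *out)
{
    if (c->left < 4) return -1;
    *out = (uint32_t)c->p[0] | ((uint32_t)c->p[1] << 8) |
           ((uint32_t)c->p[2] << 16) | ((uint32_t)c->p[3] << 24);
    c->p += 4; c->left -= 4;
    return 0;
}

/* Skip a length-prefixed string, refusing a declared length that runs
 * past the end of the packet. */
static int skip_string(struct cursor *c)
{
    uint32_t len;
    if (read_u32le(c, &len) != 0) return -1;
    if (len > c->left) return -1;   /* corrupt length: would read out of bounds */
    c->p += len; c->left -= len;
    return 0;
}

/* Hypothetical helper: returns the number of user comments, or -1 if any
 * length field is inconsistent with the packet size.
 * `body` starts at the vendor-length field. */
long count_vorbis_comments(const uint8_t *body, size_t size)
{
    struct cursor c = { body, size };
    uint32_t n, i;
    if (skip_string(&c) != 0) return -1;        /* vendor string */
    if (read_u32le(&c, &n) != 0) return -1;     /* declared comment count */
    if (n > c.left / 4) return -1;              /* each comment needs >= 4 bytes */
    for (i = 0; i < n; i++)
        if (skip_string(&c) != 0) return -1;
    return (long)n;
}

/* Constructed sample bodies (not taken from any real file). */
const uint8_t SAMPLE_OK[] = {
    3,0,0,0, 'x','y','z',  1,0,0,0,  3,0,0,0, 'a','=','b' };
const uint8_t SAMPLE_BAD[] = {          /* comment claims 65535 bytes, 3 present */
    3,0,0,0, 'x','y','z',  1,0,0,0,  0xff,0xff,0,0, 'a','=','b' };
```

A parser that trusted the 65535-byte length in `SAMPLE_BAD` would read far beyond the 18-byte buffer; here the packet is rejected before any string bytes are touched.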