Accepted:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 29 Mar 2016 18:58:48 +0200 Source: libebml Binary: libebml4 libebml-dev Architecture: source amd64 Version: 1.3.0-2+deb8u1 Distribution: jessie-security Urgency: medium Maintainer: Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org> Changed-By: Markus Koschany <a...@debian.org> Description: libebml-dev - access library for the EBML format (development files) libebml4 - access library for the EBML format (shared library) Changes: libebml (1.3.0-2+deb8u1) jessie-security; urgency=medium . * Non-maintainer upload. * Add CVE-2015-8789.patch. Fix use-after-free vulnerability in the EbmlMaster::Read function. * Add CVE-2015-8790.patch. Fix EbmlUnicodeString::UpdateFromUTF8 function that allowed context-dependent attackers to obtain sensitive information from process heap memory via a crafted UTF-8 string. * Add CVE-2015-8791.patch. Fix EbmlElement::ReadCodedSizeValue function that allowed context-dependent attackers to obtain sensitive information from process heap memory via a crafted length value in an EBML id. Checksums-Sha1: 53bbd7b76eb540d95c4216afba21d0c4f613db0c 2234 libebml_1.3.0-2+deb8u1.dsc 5a49ae3fddfe4b514f76d5743b29b23e0ecbc935 59359 libebml_1.3.0.orig.tar.bz2 b939756c8474ed99f218e75e9bf76b58795458b6 6544 libebml_1.3.0-2+deb8u1.debian.tar.xz c8bbb60e37b1a425c031dd45604e07df0df22aa2 56016 libebml4_1.3.0-2+deb8u1_amd64.deb 8bf013f20f4f54a136a69f7767cb20469f7ac0ae 79986 libebml-dev_1.3.0-2+deb8u1_amd64.deb Checksums-Sha256: 36302995a64520e69c7050bf5afcd06b1bb38c7dcbe5f9ffb5c48db3377226ab 2234 libebml_1.3.0-2+deb8u1.dsc 83b074d6b62715aa0080406ea84d33df2e44b5d874096640233a4db49b8096de 59359 libebml_1.3.0.orig.tar.bz2 b9a81d945e58211976cfbf140c90fa95c8b650b4e3e5b085a24a412e7291b97f 6544 libebml_1.3.0-2+deb8u1.debian.tar.xz 39edcda293914a8bbff38b1be0e8e6ea669d709b7e41077ef8126765ba41703b 56016 libebml4_1.3.0-2+deb8u1_amd64.deb 7a35f8aedeeffd50989e225ca8b75e676da9875a57f49f44ee0f217ea54a652d 79986 libebml-dev_1.3.0-2+deb8u1_amd64.deb Files: e435e3c5aadf773fd852075951335e41 2234 devel optional libebml_1.3.0-2+deb8u1.dsc efec729bf5a51e649e1d9d1f61c0ae7a 59359 devel optional libebml_1.3.0.orig.tar.bz2 bb05a0c42a71f51d6d660e9924d5d309 6544 devel optional libebml_1.3.0-2+deb8u1.debian.tar.xz 058988a144b2a77fe3a5a317ebe8f832 56016 libs optional libebml4_1.3.0-2+deb8u1_amd64.deb ac4c74ef063280126c0efa81a4cf5d9b 79986 libdevel optional libebml-dev_1.3.0-2+deb8u1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQJ8BAEBCgBmBQJW+tvAXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRBQ0YzRDA4OEVGMzJFREVGNkExQTgzNUZE OUFEMTRCOTUxM0I1MUU0AAoJENmtFLlRO1HkSzkP/RF08yCdUGvy+vRUl6UKoQsp 7eOU0CFEHhsyDSiE9fmbegb/giPWl6LXJpCvhkEmXA9EVFKPXl45QonjC2rEkFTq Y/OSIQWg5AVScc2aPdVKn1Jvyn+XsfPaL5We1PwMCcfpXZMktoK6xpzLMfkZzi6I UlVzBIszL4zld/Hva9fhTBuVhj6IMIVZXVhFWeun8ehdbyB9Tk9dNTCR1bk4mZpm +sY9a5Cf2jIDuxF39LVrLi1dwtvjm2E5pCnYPATIc9lwm9X9YotbgBGCPBWIwJwZ HAnUIjLIohrK2oiZTINgW6xf+josvRdxvxlpSvJX0tYoIzvPcdK1Go7BOo86i7pJ bo5zVbzDwX5C81ydBStoXmF9h8avot/vhrFJ4C6naRwaG3ZGP5NFq/8F+vZ+xBn7 n+Xk3EROosQxqahOsQbkAiD2knIKOdoIgQwPuhYE3fzvCh6vFDSU/2IVaB80nkNH 6Dl2Qq8Phzuv+MXHQjFuh+pB4wamttNkBtcNGMDAX0+TawXIVgQzoyVUBqFNs37Q jzJ6vhzSLbAxMBa8SurNZVJd9w7ZZBCPU9uUoyU9cukHNJiHuFrBIenSvTruCkeW r26HCT0e5uqCzvs5uiqUs77Xb48rpp3vlLTZqkSV6BvcKkh9BeBD/giv74GMeHAe Gfwma34je8N4WkcNVifU =v0xM -----END PGP SIGNATURE----- Thank you for your contribution to Debian. _______________________________________________ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers