Package: libvorbis
Version: 1.2.3-3
Severity: normal
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu lucid ubuntu-patch
*** /tmp/tmpCr9xKy
In Ubuntu, we've applied the attached patch to achieve the following:

  * SECURITY UPDATE: denial of service and possible code execution via
    multiple vulnerabilities
    - debian/patches/CVE-2009-3379.patch: add a couple of missing commits:
      eliminate blocklist overflow in lib/backends.h, don't allow codeword
      lengths longer than 32 bits in lib/codebook.c.
    - CVE-2009-3379
  * debian/rules, debian/control: add quilt patch system

Our fix for CVE-2009-3379 included these two commits that were not included
in the 1.2.3 release. We thought you might be interested in doing the same.

-- System Information:
Debian Release: squeeze/sid
  APT prefers lucid-updates
  APT policy: (500, 'lucid-updates'), (500, 'lucid-security'), (500, 'lucid')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-16-generic (SMP w/2 CPU cores)
Locale: LANG=en_CA.utf8, LC_CTYPE=en_CA.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -u libvorbis-1.2.3/debian/changelog libvorbis-1.2.3/debian/changelog diff -u libvorbis-1.2.3/debian/rules libvorbis-1.2.3/debian/rules --- libvorbis-1.2.3/debian/rules +++ libvorbis-1.2.3/debian/rules @@ -1,5 +1,7 @@ #! /usr/bin/make -f +include /usr/share/quilt/quilt.make + ### # Configure arguments @@ -42,7 +44,7 @@ ### configure: configure-stamp -configure-stamp: +configure-stamp: $(QUILT_STAMPFN) dh_testdir ln -sf /usr/share/misc/config.sub . @@ -64,7 +66,7 @@ # -clean: +clean: unpatch dh_testdir dh_testroot diff -u libvorbis-1.2.3/debian/control libvorbis-1.2.3/debian/control --- libvorbis-1.2.3/debian/control +++ libvorbis-1.2.3/debian/control @@ -1,9 +1,10 @@ Source: libvorbis Section: libs Priority: optional -Maintainer: Debian Xiph.org Maintainers <pkg-xiph-ma...@lists.alioth.debian.org> +Maintainer: Ubuntu Core Developers <ubuntu-devel-disc...@lists.ubuntu.com> +XSBC-Original-Maintainer: Debian Xiph.org Maintainers <pkg-xiph-ma...@lists.alioth.debian.org> Uploaders: Peter Samuelson <pe...@p12n.org>, John Francesco Ferlito <jo...@inodes.org> -Build-Depends: autotools-dev, debhelper (>= 6.0.7~), libogg-dev +Build-Depends: autotools-dev, debhelper (>= 6.0.7~), quilt, libogg-dev Standards-Version: 3.8.3 Vcs-Bzr: http://bzr.debian.org/bzr/pkg-xiph/libvorbis only in patch2: unchanged: --- libvorbis-1.2.3.orig/debian/patches/series +++ libvorbis-1.2.3/debian/patches/series @@ -0,0 +1 @@ +CVE-2009-3379.patch only in patch2: unchanged: --- libvorbis-1.2.3.orig/debian/patches/CVE-2009-3379.patch +++ libvorbis-1.2.3/debian/patches/CVE-2009-3379.patch 
@@ -0,0 +1,28 @@ +Description: fix denial of service and possible code execution via + multiple vulnerabilities +Origin: upstream, https://trac.xiph.org/changeset/16326 +Origin: upstream, https://trac.xiph.org/changeset/16597 + +diff -Naur libvorbis-1.2.3.ori/lib/backends.h libvorbis-1.2.3/lib/backends.h +--- libvorbis-1.2.3.ori/lib/backends.h 2009-07-09 05:12:08.000000000 -0400 ++++ libvorbis-1.2.3/lib/backends.h 2010-02-26 10:32:07.000000000 -0500 +@@ -111,7 +111,7 @@ + int partitions; /* possible codebooks for a partition */ + int groupbook; /* huffbook for partitioning */ + int secondstages[64]; /* expanded out to pointers in lookup */ +- int booklist[256]; /* list of second stage books */ ++ int booklist[512]; /* list of second stage books */ + + const float classmetric1[64]; + const float classmetric2[64]; +diff -Naur libvorbis-1.2.3.ori/lib/codebook.c libvorbis-1.2.3/lib/codebook.c +--- libvorbis-1.2.3.ori/lib/codebook.c 2009-07-09 05:12:08.000000000 -0400 ++++ libvorbis-1.2.3/lib/codebook.c 2010-02-26 10:32:49.000000000 -0500 +@@ -198,6 +198,7 @@ + for(i=0;i<s->entries;){ + long num=oggpack_read(opb,_ilog(s->entries-i)); + if(num==-1)goto _eofout; ++ if(length>32)goto _errout; + for(j=0;j<num && i<s->entries;j++,i++) + s->lengthlist[i]=length; + length++;
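Review bot: the Maintainer / XSBC-Original-Maintainer swap in the debian/control hunk is Ubuntu packaging policy and must not be carried into the Debian package; when merging this debdiff, take only the `quilt` addition (`Build-Depends: autotools-dev, debhelper (>= 6.0.7~), quilt, libogg-dev`) and keep the `Maintainer: Debian Xiph.org Maintainers` line unchanged.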
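Review bot: the `booklist[256]` to `booklist[512]` bump in the lib/backends.h hunk is only a complete fix if 512 is a hard upper bound on second-stage books, and nothing in the hunk says where the number comes from. The same struct declares `secondstages[64]`, i.e. 64 residue classes, and the Vorbis I residue header allows at most 8 cascade stages per class, which gives exactly 64 * 8 = 512; put that derivation in the trailing comment (e.g. `int booklist[512]; /* 64 classes * 8 cascade stages, Vorbis I maximum */`) so the size is not mistaken for an arbitrary headroom increase, and check that the residue unpack code bounds its writes into `booklist` rather than relying on the array being large enough.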
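Review bot: `if(length>32)goto _errout;` in the lib/codebook.c hunk uses a bare magic number with no comment. In this loop `length` is incremented once per batch (`length++`) with no other limit, so a crafted codebook with enough entries pushes it past the width of a 32-bit codeword; a comment such as `/* codewords must fit in 32 bits */` records why 32 is the bound. The placement at the top of the iteration, before `s->lengthlist[i]=length` is written, is deliberate and correct: the `length++` after the final batch may legitimately produce 33 with no entry left to assign, so the check must not be moved to follow the increment. Worth a comment for the same reason.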
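Review bot: the DEP-3 header of debian/patches/CVE-2009-3379.patch carries two `Origin: upstream, ...` fields (changesets 16326 and 16597) for two independent upstream commits. Consider splitting them into two patches listed in debian/patches/series, one per changeset, each with a single Origin, so either can be dropped on its own once a later upstream release includes it; if they stay in one file, name the second changeset in the Description instead of a duplicate Origin field.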