Univention Bugzilla – Bug 53869
taglib: Multiple issues (4.4)
Last modified: 2021-10-06 17:05:56 CEST
New Debian taglib 1.11.1+dfsg.1-0.3+deb9u1 fixes: This update addresses the following issues: * Incorrect cast in rebuildAggregateFrames function (CVE-2017-12678) * heap-based buffer over-read via a crafted audio file (CVE-2018-11439)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/taglib_1.11.1+dfsg.1-0.1.dsc +++ apt/ucs_4.4-0-errata4.4-8/source/taglib_1.11.1+dfsg.1-0.3+deb9u1.dsc @@ -1,3 +1,29 @@ +1.11.1+dfsg.1-0.3+deb9u1 [Thu, 30 Sep 2021 21:27:38 +0300] Adrian Bunk <bunk@debian.org>: + + * Non-maintainer upload by the LTS team. + * Rebuild for stretch-security. + +1.11.1+dfsg.1-0.3+deb10u1 [Sun, 26 Apr 2020 12:41:23 -0400] Boyuan Yang <byang@debian.org>: + + * debian/patches/0005: Add patch to fix corruption on + handling ogg files. (Closes: #915281, upstream issue 775) + * debian/control: Update maintainer and Vcs information + accordingly. + +1.11.1+dfsg.1-0.3 [Tue, 19 Feb 2019 23:24:40 +0100] Moritz Muehlenhoff <jmm@debian.org>: + + * Non-maintainer upload. + * CVE-2018-11439 (Closes: #903847) + +1.11.1+dfsg.1-0.2 [Thu, 12 Oct 2017 11:38:02 +0200] Matthias Klose <doko@debian.org>: + + * Non-maintainer upload. + * Drop obsolete versioned build dependency on g++. + * Mark two more symbols as optional, not seen when building with -O3. + * Bump standards version to 4.1.1. + * CVE-2017-12678: Don't assume TDRC is an instance of TextIdentificationFrame. + Closes: #871511. + 1.11.1+dfsg.1-0.1 [Tue, 24 Jan 2017 20:10:42 -0500] Matteo Cypriani <mcy@lm7.fr>: * Non-maintainer upload. <http://piuparts.knut.univention.de/4.4-8/#5726925175072605315>
OK: yaml OK: announce_errata OK: patch OK: piuparts
<https://errata.software-univention.de/#/?erratum=4.4x1064>