[ubuntu/plucky-proposed] libcdio 2.1.0-5 (Accepted)

[Alessandro Astone]

libcdio (2.1.0-5) unstable; urgency=medium

  [ Bruce Cable ]
  * SECURITY UPDATE: buffer overflow
    - debian/patches/CVE-2024-36600-1.patch: Allocates space for
      growth and additional buffer in lib/iso9660/rock.c
    - debian/patches/CVE-2024-36600-2.patch: Limits the maximum read
      count to prevent an overflow in lib/driver/_cdio_stdio.c
    - debian/patches/CVE-2024-36600-3.patch: Adds input validation to
      unicode16_decode function in lib/udf/udf_fs.c
    - debian/patches/CVE-2024-36600-4.patch: Adds bounds checking for
      directory buffer size and total size calculation in
      lib/iso9660/iso9660_fs.c
    - debian/patches/CVE-2024-36600-5.patch: Fixes overflow in iso9660
      dir read (32-bit) in lib/iso9660/iso9660_fs.c
    - debian/patches/CVE-2024-36600-6.patch: Checks the validity of
      i_extended_attr member in udf_get_lba() in lib/udf/udf_fs.c
    - debian/patches/CVE-2024-36600-7.patch: Adds 32-bit size test
      only when needed in lib/iso9660/iso9660_fs.c
    - CVE-2024-36600

  [ Debian Janitor ]
  * Set upstream metadata fields: Bug-Submit (from ./configure),
    Repository-Browse.
  * Update standards version to 4.6.1, no changes needed.

  [ Alessandro Astone ]
  * Update optional symbols, resolves lintian error

  [ Gabriel F. T. Gomes ]
  * Fix lintian warning: Build-Depends on obsolete libncursesw5-dev.

Date: 2025-01-19 10:34:16.375251+00:00
Signed-By: Jeremy Bícha <jeremy.bicha at canonical.com>
https://launchpad.net/ubuntu/+source/libcdio/2.1.0-5
-------------- next part --------------
Sorry, changesfile not available.