Bug#504421: debian/patches/CVE-2008-1420.patch breaks decoding of 1.0beta1 files

Michael Gold mgold at ncf.ca
Mon Nov 3 19:40:49 UTC 2008


Package: libvorbis0a
Version: 1.2.0.dfsg-3.1

When debian/patches/CVE-2008-1420.patch is applied to libvorbis 1.2.0,
applications using libvorbis are no longer able to play files encoded
with libvorbis 1.0beta1. vorbis_synthesis_headerin produces an error
when it's given the codebook header.

I've attached a sample file I encoded with beta1 (lits-vorbis1.0b1.ogg,
which is the first 9 seconds of Nine Inch Nails - Lights in the Sky).
ogg123 produces this error when I try to play the file:
  Error opening lits-vorbis1.0b1.ogg using the oggvorbis module.
  The file may be corrupted.

It plays fine if I remove the CVE-2008-1420 patch. 1.0beta1 can be
downloaded here for testing:
  http://downloads.xiph.org/releases/vorbis/vorbis-1.0b1.tar.bz2

- Michael


-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-1-amd64 (SMP w/1 CPU core)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libvorbis0a depends on:
ii  libc6                         2.7-15     GNU C Library: Shared libraries
ii  libogg0                       1.1.3-4    Ogg Bitstream Library

libvorbis0a recommends no packages.

libvorbis0a suggests no packages.

-- no debconf information
-------------- next part --------------
A non-text attachment was scrubbed...
Name: lits-vorbis1.0b1.ogg
Type: audio/ogg
Size: 83353 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-xiph-maint/attachments/20081103/80de38a5/attachment-0001.bin 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-xiph-maint/attachments/20081103/80de38a5/attachment-0001.pgp 


More information about the pkg-xiph-maint mailing list