Bug#504421: debian/patches/CVE-2008-1420.patch breaks decoding of 1.0beta1 files
Michael Gold
mgold at ncf.ca
Mon Nov 3 19:40:49 UTC 2008
Package: libvorbis0a
Version: 1.2.0.dfsg-3.1
When debian/patches/CVE-2008-1420.patch is applied to libvorbis 1.2.0,
applications using libvorbis are no longer able to play files encoded
with libvorbis 1.0beta1. vorbis_synthesis_headerin produces an error
when it's given the codebook header.
I've attached a sample file I encoded with beta1 (lits-vorbis1.0b1.ogg,
which is the first 9 seconds of Nine Inch Nails - Lights in the Sky).
ogg123 produces this error when I try to play the file:
Error opening lits-vorbis1.0b1.ogg using the oggvorbis module.
The file may be corrupted.
It plays fine if I remove the CVE-2008-1420 patch. 1.0beta1 can be
downloaded here for testing:
http://downloads.xiph.org/releases/vorbis/vorbis-1.0b1.tar.bz2
- Michael
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.26-1-amd64 (SMP w/1 CPU core)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages libvorbis0a depends on:
ii libc6 2.7-15 GNU C Library: Shared libraries
ii libogg0 1.1.3-4 Ogg Bitstream Library
libvorbis0a recommends no packages.
libvorbis0a suggests no packages.
-- no debconf information
-------------- next part --------------
A non-text attachment was scrubbed...
Name: lits-vorbis1.0b1.ogg
Type: audio/ogg
Size: 83353 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-xiph-maint/attachments/20081103/80de38a5/attachment-0001.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-xiph-maint/attachments/20081103/80de38a5/attachment-0001.pgp
More information about the pkg-xiph-maint
mailing list