Package "mpg123"

  mpg123 (1.25.13-1ubuntu0.2) focal-security; urgency=medium

  * SECURITY UPDATE: incomplete fix for OOB write (LP: #2089680)
    - debian/patches/CVE-2024-10573-2.patch: safeguard against attempts to
      decode if decoder setup failed and user ignored the returned error
      code in src/libmpg123/format.c, src/libmpg123/frame.h,
      src/libmpg123/libmpg123.c, src/mpg123.c.
    - CVE-2024-10573

 -- Marc Deslauriers <email address hidden> Tue, 26 Nov 2024 10:23:12 -0500

  mpg123 (1.25.13-1ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: OOB write during PCM decoding
    - debian/patches/CVE-2024-10573.patch: don't prepare for actual frame
      data when there is none and separate header data into a struct,
      ensure late updating in frame in src/libmpg123/frame.c,
      src/libmpg123/frame.h, src/libmpg123/layer1.c,
      src/libmpg123/layer2.c, src/libmpg123/layer3.c,
      src/libmpg123/libmpg123.c, src/libmpg123/parse.c,
      src/libmpg123/getbits.h.
    - CVE-2024-10573

 -- Marc Deslauriers <email address hidden> Mon, 04 Nov 2024 13:49:25 -0500