update libvorbis to 1.3.6
Bug #1756516 reported by Mike Neac
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
libvorbis (Ubuntu) | Fix Released | Undecided | Unassigned | |
Bug Description
libvorbis 1.3.6 (2018-03-16) -- "Xiph.Org libVorbis I 20180316 (Now 100% fewer shells)"
* Fix CVE-2018-5146 - out-of-bounds write on codebook decoding.
* Fix CVE-2017-14632 - free() on uninitialized data
* Fix CVE-2017-14633 - out-of-bounds read
* Fix bitrate metadata parsing.
* Fix out-of-bounds read in codebook parsing.
* Fix residue vector size in Vorbis I spec.
* Appveyor support
* Travis CI support
* Add secondary CMake build system.
* Build system fixes
information type: Private Security → Public Security
Changed in libvorbis (Ubuntu):
status: New → Confirmed
libvorbis 1.3.6 is in cosmic and the CVEs were already fixed in bionic (and earlier through security updates, I believe)