Comment 2 for bug 948459

Rodrigo Figueiredo Zaiden (rodrigo-zaiden) wrote :

This bug was fixed in the package libvorbis - 1.3.5-3ubuntu0.2+esm1

---------------
libvorbis (1.3.5-3ubuntu0.2+esm1) xenial-security; urgency=medium

  * SECURITY UPDATE: Out-of-bounds access
    - debian/patches/CVE-2017-14160_CVE-2018-10393-1.patch: add boundaries
      check in bark_noise_hybridmp() in lib/psy.c.
    - debian/patches/CVE-2017-14160_CVE-2018-10393-2.patch: add further
      boundaries checks in bark_noise_hybridmp() in lib/psy.c.
    - debian/patches/CVE-2018-10392.patch: add a validation for channels
      boundaries in vorbis_encode_setup_init() in lib/vorbisenc.c.
    - CVE-2017-14160, CVE-2018-10392, CVE-2018-10393
  * Fix autopkgtest:
    - debian/patches/0003-vorbisenc-detect-if-new-template-is-null.patch:
      check if new_template is NULL at vorbis_encode_ctl() in
      lib/vorbisenc.c.

 -- Rodrigo Figueiredo Zaiden <email address hidden> Wed, 11 May 2022 14:54:32 -0300