* SECURITY UPDATE: Out-of-bounds access
- debian/patches/CVE-2017-14160_CVE-2018-10393-1.patch: add boundaries
check in bark_noise_hybridmp() in lib/psy.c.
- debian/patches/CVE-2017-14160_CVE-2018-10393-2.patch: add further
boundaries checks in bark_noise_hybridmp() in lib/psy.c.
- debian/patches/CVE-2018-10392.patch: add a validation for channels
boundaries in vorbis_encode_setup_init() in lib/vorbisenc.c.
- CVE-2017-14160, CVE-2018-10392, CVE-2018-10393
* Fix autopkgtest:
- debian/patches/0003-vorbisenc-detect-if-new-template-is-null.patch:
check if new_template is NULL at vorbis_encode_ctl() in
lib/vorbisenc.c.
This bug was fixed in the package libvorbis - 1.3.5-3ubuntu0. 2+esm1
--------------- 3ubuntu0. 2+esm1) xenial-security; urgency=medium
libvorbis (1.3.5-
* SECURITY UPDATE: Out-of-bounds access patches/ CVE-2017- 14160_CVE- 2018-10393- 1.patch: add boundaries hybridmp( ) in lib/psy.c. patches/ CVE-2017- 14160_CVE- 2018-10393- 2.patch: add further hybridmp( ) in lib/psy.c. patches/ CVE-2018- 10392.patch: add a validation for channels encode_ setup_init( ) in lib/vorbisenc.c. patches/ 0003-vorbisenc- detect- if-new- template- is-null. patch: vorbisenc. c.
- debian/
check in bark_noise_
- debian/
boundaries checks in bark_noise_
- debian/
boundaries in vorbis_
- CVE-2017-14160, CVE-2018-10392, CVE-2018-10393
* Fix autopkgtest:
- debian/
check if new_template is NULL at vorbis_encode_ctl() in
lib/
-- Rodrigo Figueiredo Zaiden <email address hidden> Wed, 11 May 2022 14:54:32 -0300