libvorbis: 1.3.5 -> 1.3.6
This update includes the removed patches (CVE-2017-14632, CVE-2017-14633) and additionally fixes CVE-2018-5146 [1]. The changelog: libvorbis 1.3.6 (2018-03-16) -- "Xiph.Org libVorbis I 20180316 (Now 100% fewer shells)" * Fix CVE-2018-5146 - out-of-bounds write on codebook decoding. * Fix CVE-2017-14632 - free() on unitialized data * Fix CVE-2017-14633 - out-of-bounds read * Fix bitrate metadata parsing. * Fix out-of-bounds read in codebook parsing. * Fix residue vector size in Vorbis I spec. * Appveyor support * Travis CI support * Add secondary CMake build system. * Build system fixes [1] http://seclists.org/oss-sec/2018/q1/243
parent
879f144d
Please register or sign in to comment