UbuntuUpdates.org

Package "libvorbis0a"

Name: libvorbis0a

Description:

decoder library for Vorbis General Audio Compression Codec

Latest version: 1.3.5-3ubuntu0.2
Release: xenial (16.04)
Level: updates
Repository: main
Head package: libvorbis
Homepage: http://www.xiph.org/vorbis/

Links


Download "libvorbis0a"


Other versions of "libvorbis0a" in Xenial

Repository Area Version
base main 1.3.5-3
security main 1.3.5-3ubuntu0.2

Changelog

Version: 1.3.5-3ubuntu0.2 2018-03-22 14:06:42 UTC

  libvorbis (1.3.5-3ubuntu0.2) xenial-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds write in codebook decoding
    - debian/patches/CVE-2018-5146.patch: fix codebook decoding in
      lib/codebook.c.
    - CVE-2018-5146

 -- Marc Deslauriers <email address hidden> Wed, 21 Mar 2018 13:53:29 -0400

Source diff to previous version
CVE-2018-5146 out-of-bound write

Version: 1.3.5-3ubuntu0.1 2018-02-13 21:06:27 UTC

  libvorbis (1.3.5-3ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Remote code execution
    - debian/patches/CVE-2017-14632.patch: don't clear opb in
      lib/info.c.
    - CVE-2017-14632
  * SECURITY UPDATE: out-of-bounds array read
    - debian/patches/CVE-2017-14633.patch: don't allow for more than
      256 channels in lib/info.c.
    - CVE-2017-14633

 -- <email address hidden> (Leonidas S. Barbosa) Tue, 13 Feb 2018 13:21:29 -0300

CVE-2017-14632 Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi
CVE-2017-14633 In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS



About   -   Send Feedback to @ubuntu_updates