Bug#870341: libvorbis: CVE-2017-11333

2018-03-22 Thread Petter Reinholdtsen
Control: fixed -1 1.3.5-4+deb9u1 1.3.5-4.1 I've tried to figure out the details, as far as I can tell, the patch fixing #876778 (CVE-2017-14633), also fixes this issue, by limiting the number of channels allowed. At least that is what I can read from the upstream bug tracker, where the issues

Bug#870341: libvorbis: CVE-2017-11333

2018-03-17 Thread Petter Reinholdtsen
According to the upstream developer TD-Linux on #xiph, the CVE-2017-11333 issue is fixed upstream. I have not checked the details but suspect it was fixed in version 1.3.6 released yesterday. -- Happy hacking Petter Reinholdtsen

Bug#870341: libvorbis: CVE-2017-11333

2017-11-20 Thread Guido Günther
control: clone -1 -2 control: retitle -2 missing error checking when encoding vorbis control: tags -2 +patch Hi sox maintainers, On Mon, Nov 20, 2017 at 04:39:51PM +0100, Guido Günther wrote: > Hi Petter, > On Tue, Aug 01, 2017 at 08:02:47PM +0200, Petter Reinholdtsen wrote: > > Control: retitle -1

Bug#870341: libvorbis: CVE-2017-11333

2017-11-20 Thread Guido Günther
Hi Petter, On Tue, Aug 01, 2017 at 08:02:47PM +0200, Petter Reinholdtsen wrote: > Control: retitle -1 libvorbis: CVE-2017-11333 OOM via crafted WAV file > > I've tried to figure out if the recently reported security problems are > reported upstream, but the upstream bug tracker is being moved from

Bug#870341: libvorbis: CVE-2017-11333

2017-08-01 Thread Petter Reinholdtsen
Control: retitle -1 libvorbis: CVE-2017-11333 OOM via crafted WAV file I've tried to figure out if the recently reported security problems are reported upstream, but the upstream bug tracker is being moved from trac.xiph.org to https://gitlab.xiph.org/xiph and the migration is not done yet, so it

Bug#870341: libvorbis: CVE-2017-11333

2017-08-01 Thread Salvatore Bonaccorso
Source: libvorbis Version: 1.3.5-4 Severity: important Tags: security upstream Hi, the following vulnerability was published for libvorbis, can you double-check the report. CVE-2017-11333[0]: | The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis | 1.3.5 allows remote attacker