David, vorbis-tools requires a patch for CVE-2014-9640:
http://pkgs.fedoraproject.org/cgit/vorbis-tools.git/plain/vorbis-tools-1.4.0-bz1185558.patch There are other patches in that repo that you may wish to consider adding; at a minimum, I would recommend the patch for vcut: http://pkgs.fedoraproject.org/cgit/vorbis-tools.git/plain/vorbis-tools-1.4.0-bz1003607.patch TIA, Yaakov
