This bug was fixed in the package libvorbis - 1.3.5-3ubuntu0.2+esm1
---------------
libvorbis (1.3.5-3ubuntu0.2+esm1) xenial-security; urgency=medium
* SECURITY UPDATE: Out-of-bounds access
- debian/patches/CVE-2017-14160_CVE-2018-10393-1.patch: add boundaries
check in bark_noise_hybridmp() in lib/psy.c.
- debian/patches/CVE-2017-14160_CVE-2018-10393-2.patch: add further
boundaries checks in bark_noise_hybridmp() in lib/psy.c.
- debian/patches/CVE-2018-10392.patch: add a validation for channels
boundaries in vorbis_encode_setup_init() in lib/vorbisenc.c.
- CVE-2017-14160, CVE-2018-10392, CVE-2018-10393
* Fix autopkgtest:
- debian/patches/0003-vorbisenc-detect-if-new-template-is-null.patch:
check if new_template is NULL at vorbis_encode_ctl() in
lib/vorbisenc.c.
-- Rodrigo Figueiredo Zaiden <[email protected]> Wed, 11
May 2022 14:54:32 -0300
** Also affects: libvorbis (Ubuntu)
Importance: Undecided
Status: New
** Also affects: libvorbis (Ubuntu Xenial)
Importance: Undecided
Status: New
** Also affects: vorbis-tools (Ubuntu Xenial)
Importance: Undecided
Status: New
** No longer affects: vorbis-tools (Ubuntu Xenial)
** Changed in: libvorbis (Ubuntu Xenial)
Status: New => Fix Released
** Changed in: libvorbis (Ubuntu)
Status: New => Confirmed
** Bug watch added: gitlab.xiph.org/xiph/vorbis/-/issues #1975
https://gitlab.xiph.org/xiph/vorbis/-/issues/1975
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/948459
Title:
oggenc fails when using '--advanced-encode-option disable_coupling'
switch and CBR encoding
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvorbis/+bug/948459/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs