#10551: libvorbis-1.3.6
--------------------+-----------------------
Reporter: bdubbs | Owner: bdubbs
Type: defect | Status: assigned
Priority: high | Milestone: 8.3
Component: BOOK | Version: SVN
Severity: normal | Resolution:
Keywords: |
--------------------+-----------------------
Description changed by ken@…:
Old description:
> New point version.
>
> Fixes CVE-2018-5146 which was used against firefox's internal copy in the
> recent Pwn2Own contest.
>
> [http://openwall.com/lists/oss-security/2018/03/16/4]
New description:
New point version.
Fixes CVE-2018-5146 which was used against firefox's internal copy in the
recent Pwn2Own contest.
[http://openwall.com/lists/oss-security/2018/03/16/4]
From the release notes at github
* Fix CVE-2018-5146 - out-of-bounds write on codebook decoding.
* Fix CVE-2017-14632 - free() on unitialized data
* Fix CVE-2017-14633 - out-of-bounds read
* Fix bitrate metadata parsing.
* Fix out-of-bounds read in codebook parsing.
* Fix residue vector size in Vorbis I spec.
* Appveyor support
* Travis CI support
* Add secondary CMake build system.
* Build system fixes
--
--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/10551#comment:3>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch
--
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
