#10551: libvorbis-1.3.6 --------------------+----------------------- Reporter: bdubbs | Owner: bdubbs Type: defect | Status: assigned Priority: high | Milestone: 8.3 Component: BOOK | Version: SVN Severity: normal | Resolution: Keywords: | --------------------+----------------------- Description changed by ken@…:
Old description: > New point version. > > Fixes CVE-2018-5146 which was used against firefox's internal copy in the > recent Pwn2Own contest. > > [http://openwall.com/lists/oss-security/2018/03/16/4] New description: New point version. Fixes CVE-2018-5146 which was used against firefox's internal copy in the recent Pwn2Own contest. [http://openwall.com/lists/oss-security/2018/03/16/4] From the release notes at github * Fix CVE-2018-5146 - out-of-bounds write on codebook decoding. * Fix CVE-2017-14632 - free() on unitialized data * Fix CVE-2017-14633 - out-of-bounds read * Fix bitrate metadata parsing. * Fix out-of-bounds read in codebook parsing. * Fix residue vector size in Vorbis I spec. * Appveyor support * Travis CI support * Add secondary CMake build system. * Build system fixes -- -- Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/10551#comment:3> BLFS Trac <http://wiki.linuxfromscratch.org/blfs> Beyond Linux From Scratch -- http://lists.linuxfromscratch.org/listinfo/blfs-book FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page