| Summary: | media-libs/libvorbis : multiple vulnerabilities (CVE-2017-1133{3,5}) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Christopher Díaz Riveros (RETIRED) <chrisadr> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | leio, sergeev917, sound, sudormrfhalt |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://seclists.org/fulldisclosure/2017/Jul/82 | | |
| Whiteboard: | C3 [noglsa cve] | | |
| Package list: | | Runtime testing required: | --- |
Description
Christopher Díaz Riveros (RETIRED)
2017-07-31 13:18:17 UTC
libvorbis 1.3.6 has been released by upstream, can an ebuild for it be added to the gentoo tree please?

1.3.6 CHANGES has this:
* Fix CVE-2018-5146 - out-of-bounds write on codebook decoding.
* Fix CVE-2017-14632 - free() on unitialized data
* Fix CVE-2017-14633 - out-of-bounds read

But I don't see any changes in block.c about this, or mentions of CVE-2017-11333/11735.

Maintainer, please advise?

The CVEs actually fixed in 1.3.6 are bug 650654 and bug 631632

GLSA Vote: No