Univention Bugzilla – Bug 54169
libvorbis: Multiple issues (4.4)
Last modified: 2021-12-01 16:07:22 CET
New Debian libvorbis 1.3.5-4+deb9u3 fixes:

This update addresses the following issues:
* Out-of-bounds read in the bark_noise_hybridmp function (CVE-2017-14160)
* heap buffer overflow in mapping0_forward function (CVE-2018-10392)
* stack buffer overflow in bark_noise_hybridmp function (CVE-2018-10393)
--- mirror/ftp/4.3/unmaintained/4.3-1/source/libvorbis_1.3.5-4+deb9u2.dsc +++ apt/ucs_4.4-0-errata4.4-8/source/libvorbis_1.3.5-4+deb9u3.dsc @@ -1,3 +1,10 @@ +1.3.5-4+deb9u3 [Sat, 27 Nov 2021 19:05:10 +0200] Adrian Bunk <bunk@debian.org>: + + * Non-maintainer upload by the LTS team. + * CVE-2017-14160, CVE-2018-10393: Improve bound checking for + very low sample rates. + * CVE-2018-10392: Validate the number of channels in vorbisenc.c + 1.3.5-4+deb9u2 [Fri, 16 Mar 2018 18:12:39 +0100] Salvatore Bonaccorso <carnil@debian.org>: * Non-maintainer upload by the Security Team. <http://piuparts.knut.univention.de/4.4-8/#5260713221925537611>
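Review bot: the added 1.3.5-4+deb9u3 entry says what was fixed but not where. Its two items ("Improve bound checking for very low sample rates" for CVE-2017-14160 and CVE-2018-10393, "Validate the number of channels in vorbisenc.c" for CVE-2018-10392) cite no patch file or upstream commit, and this diff covers only the changelog text. Suggest referencing the corresponding patches or upstream commits in the bug so the bound check and the channel validation can be reviewed against the three CVEs listed in the description.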
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-8] 336c09baf9 Bug #54169: libvorbis 1.3.5-4+deb9u3
 doc/errata/staging/libvorbis.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

[4.4-8] 63fa89bdf6 Bug #54169: libvorbis 1.3.5-4+deb9u3
 doc/errata/staging/libvorbis.yaml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x1113>