Overview
Request 819974 accepted
- Update to version 1.3.7
  * Fix CVE-2018-10392 and CVE-2018-10393 - out-of-bounds read
    encoding very low sample rates
  * Fix CVE-2017-14160 - out-of-bounds read encoding very low
    sample rates.
  * Fix handling invalid bytes per sample arguments.
  * Fix handling invalid channel count arguments.
  * Fix invalid free on seek failure.
  * Fix negative shift reading blocksize.
  * Fix accepting unreasonable float32 values.
  * Fix tag comparison depending on locale.
  * Fix unnecessarily linking libm.
  * Fix memory leak in test_sharedbook.
  * Distribute CMake build files with the source package.
  * Remove unnecessary configure --target switch.
  * Add OSS-Fuzz support.
  * Build system and integration updates.
- Drop no longer needed patches (fixed by upstream):
  * vorbis-CVE-2017-14160.patch
  * vorbis-CVE-2018-10392.patch
  * vorbis-CVE-2018-10393.patch
- Add source verification
Request History
mnhauke created request
tiwai accepted request
Thanks.