[Secure-testing-commits] r58966 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Wed Dec 27 18:16:43 UTC 2017
Author: carnil
Date: 2017-12-27 18:16:43 +0000 (Wed, 27 Dec 2017)
New Revision: 58966
Modified:
data/CVE/list
Log:
Two libvorbis issues fixed in unstable
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-12-27 17:11:43 UTC (rev 58965)
+++ data/CVE/list 2017-12-27 18:16:43 UTC (rev 58966)
@@ -16864,11 +16864,11 @@
NOTE: https://github.com/erikd/libsndfile/issues/318
NOTE: Fixed by: https://github.com/erikd/libsndfile/commit/85c877d5072866aadbe8ed0c3e0590fbb5e16788
CVE-2017-14633 (In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability ...)
- - libvorbis <unfixed> (bug #876778)
+ - libvorbis 1.3.5-4.1 (bug #876778)
NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2329
NOTE: https://github.com/xiph/vorbis/pull/34
CVE-2017-14632 (Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing ...)
- - libvorbis <unfixed> (bug #876779)
+ - libvorbis 1.3.5-4.1 (bug #876779)
[jessie] - libvorbis <not-affected> (Vulnerable code not present)
[wheezy] - libvorbis <not-affected> (Vulnerable code not present)
NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2328
More information about the Secure-testing-commits
mailing list