Bug#870341: libvorbis: CVE-2017-11333
Petter Reinholdtsen
pere at hungry.com
Thu Mar 22 07:13:31 GMT 2018
Control: fixed -1 1.3.5-4+deb9u1 1.3.5-4.1
I've tried to figure out the details, as as far sa I can tell,
the patch fixing #876778 (CVE-2017-14633), also fixes this issue,
by limiting the number of channels allowed. At least that is what
I can read from the upstream bug tracker, where the issues
for the two CVEs are closed with the same commit.
--
Happy hacking
Petter Reinholdtsen
More information about the pkg-multimedia-maintainers
mailing list