Bug#776086: vorbis-tools: CVE-2014-9638 CVE-2014-9639 CVE-2014-9640
Moritz Muehlenhoff
jmm at inutil.org
Thu Feb 12 15:41:52 UTC 2015
On Sun, Jan 25, 2015 at 06:35:14PM +0100, Martin Steghöfer wrote:
> retitle 776086 CVE-2014-9638 CVE-2014-9639
> thanks
>
>
> Dear Salvatore,
>
> thank you for reporting this!
>
>
> Salvatore Bonaccorso wrote:
> >CVE-2014-9638[0]:
> >Oggenc division by zero issue
>
> Confirmed with 1.4.0-6 as well as with the current git head. There
> doesn't seem to be a fix yet, so I am going to look into it.
>
> >CVE-2014-9639[1]:
> >Oggenc channel integer overflow
>
> Confirmed with 1.4.0-6 as well as with the current git head. There
> doesn't seem to be a fix yet, so I am going to look into it.
Did you contact upstream, are fixes available for these?
Cheers,
Moritz