Bug#776086: vorbis-tools: CVE-2014-9638 CVE-2014-9639 CVE-2014-9640

Moritz Muehlenhoff jmm at inutil.org
Thu Feb 12 15:41:52 UTC 2015


On Sun, Jan 25, 2015 at 06:35:14PM +0100, Martin Steghöfer wrote:
> retitle 776086 CVE-2014-9638 CVE-2014-9639
> thanks
> 
> 
> Dear Salvatore,
> 
> thank you for reporting this!
> 
> 
> Salvatore Bonaccorso wrote:
> >CVE-2014-9638[0]:
> >Oggenc division by zero issue
> 
> Confirmed with 1.4.0-6 as well as with the current git head. There
> doesn't seem to be a fix yet, so I am going to look into it.
> 
> >CVE-2014-9639[1]:
> >Oggenc channel integer overflow
> 
> Confirmed with 1.4.0-6 as well as with the current git head. There
> doesn't seem to be a fix yet, so I am going to look into it.

Did you contact upstream, are fixes available for these?

Cheers,
        Moritz


