Bug#893130: libvorbis: CVE-2018-5146: out-of-bounds memory write
Salvatore Bonaccorso
carnil at debian.org
Fri Mar 16 18:27:52 UTC 2018
Source: libvorbis
Version: 1.3.4-2
Severity: grave
Tags: patch security upstream
Control: fixed -1 1.3.4-2+deb8u1
Control: fixed -1 1.3.5-4+deb9u2
Hi,
the following vulnerability was published for libvorbis.
CVE-2018-5146[0]:
out-of-bounds memory write
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-5146
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5146
[1] https://www.mozilla.org/en-US/security/advisories/mfsa2018-08/
[2] https://git.xiph.org/?p=vorbis.git;a=commit;h=667ceb4aab60c1f74060143bb24e5f427b3cce5f
Regards,
Salvatore
More information about the pkg-xiph-maint
mailing list