Bug#870341: libvorbis: CVE-2017-11333

Petter Reinholdtsen pere at hungry.com
Thu Mar 22 07:13:31 UTC 2018

Control: fixed -1 1.3.5-4+deb9u1 1.3.5-4.1

I've tried to figure out the details, as as far sa I can tell,
the patch fixing #876778 (CVE-2017-14633), also fixes this issue,
by limiting the number of channels allowed.  At least that is what
I can read from the upstream bug tracker, where the issues
for the two CVEs are closed with the same commit.

Happy hacking
Petter Reinholdtsen

More information about the pkg-xiph-maint mailing list