Bug#870341: libvorbis: CVE-2017-11333

[Petter Reinholdtsen]

Control: fixed -1 1.3.5-4+deb9u1 1.3.5-4.1

I've tried to figure out the details, as as far sa I can tell,
the patch fixing #876778 (CVE-2017-14633), also fixes this issue,
by limiting the number of channels allowed.  At least that is what
I can read from the upstream bug tracker, where the issues
for the two CVEs are closed with the same commit.

-- 
Happy hacking
Petter Reinholdtsen