According to the upstream developer TD-Linux on #xiph, the CVE-2017-11333 issue is fixed upstream. I have not checked the details but suspect it was fixed in version 1.3.6 released yesterday. -- Happy hacking Petter Reinholdtsen
- Bug#870341: libvorbis: CVE-2017-11333 Petter Reinholdtsen
- Bug#870341: libvorbis: CVE-2017-11333 Petter Reinholdtsen

