Package: libvorbis
Version: 1.1.2.dfsg-1.2
Severity: serious
Tags: security

Hi,

These issues are reported to be fixed in >= 1.2.0 but I can't find any references in the stable changelog that those were fixed.

CVE-2007-4029: libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service via (1) an invalid mapping type, which triggers an out-of-bounds read in the vorbis_info_clear function in info.c, and (2) invalid blocksize values that trigger a segmentation fault in the read function in block.c.

Please include the CVE id in the changelog.

Kind regards
Nico

--
Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

