-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : libvorbis Version : 1.3.4-2+deb8u2 CVE ID : CVE-2017-14160 CVE-2018-10392 CVE-2018-10393
Several issues have been found in libvorbis, a decoder library for Vorbis General Audio Compression Codec.
The fix for CVE-2017-14160 and CVE-2018-10393 improve the bound checking for very low sample rates.
CVE-2018-10392 was found because the number of channels was not validated and a remote attacker could cause a denial of service.
For Debian 8 "Jessie", these problems have been fixed in version 1.3.4-2+deb8u2. We recommend that you upgrade your libvorbis packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl3e7SxfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7 WEdaCg/+IfsADd6cy/u6HNplWLt5NyC0TZaLpZK/YA9IQf7mz57jHywZD5/eG3wY SJR2KFJnB3BaD5FvXRTR3qKF/TFAkjk0un42UEzmmobsAasz526MLbgIEVKvLnVh jLfN8oR6OrVXErxEul9GLIfOgY2cyezARp4XS06hqxzIBpzghGuxceLEsbpivVC0 u7KL7sUU3OD3xJJ5F33RXTzpHOiWSwIyxUXQrf3ubSwCiu4p6pkcjf7GOtD1JBTy a2KeKUoRN3P2re8DCe/2QPoB1WTNxeBWFkXsjkMe1G+ygsXFDkYKqiAAdJElpWB0 VSuGr+VlxdZjOkGOh3fBpWxgAxyzWam6ZiQDCZ9p+qr0Uu4K6b/If7O4MucxMZR0 coOQfbxswNL8+OULKR0TvRhREHPRE828l3hdbJApFEckl1dYfPB/wZX+IimVSIiz N6sa12JwvgvhCsquHrnQO88fEdMVDiIv50KX8+fw3ai0llTnKUAJ/4FIBBHaBZ6q F0OWdsh3XQ5R6bVsy5S3E2VNd/QQsxzghoO7FOcYROzffSjlICas1vt8PyRixn+s uzEtxEVUn9BRFtbgCfff5KO7F1+suDeZ8TAeZy1xkJPNXOwgbqRcLxMe+BthR40i p8juQEqkZyiltc5q0RcrkV7Bi/IbaAQFVHF4EP5LLEV0/gIiN7w= =6BYL -----END PGP SIGNATURE-----
