This bug was fixed in the package libvorbis - 1.3.5-3ubuntu0.2+esm1 --------------- libvorbis (1.3.5-3ubuntu0.2+esm1) xenial-security; urgency=medium
* SECURITY UPDATE: Out-of-bounds access - debian/patches/CVE-2017-14160_CVE-2018-10393-1.patch: add boundaries check in bark_noise_hybridmp() in lib/psy.c. - debian/patches/CVE-2017-14160_CVE-2018-10393-2.patch: add further boundaries checks in bark_noise_hybridmp() in lib/psy.c. - debian/patches/CVE-2018-10392.patch: add a validation for channels boundaries in vorbis_encode_setup_init() in lib/vorbisenc.c. - CVE-2017-14160, CVE-2018-10392, CVE-2018-10393 * Fix autopkgtest: - debian/patches/0003-vorbisenc-detect-if-new-template-is-null.patch: check if new_template is NULL at vorbis_encode_ctl() in lib/vorbisenc.c. -- Rodrigo Figueiredo Zaiden <rodrigo.zai...@canonical.com> Wed, 11 May 2022 14:54:32 -0300 ** Also affects: libvorbis (Ubuntu) Importance: Undecided Status: New ** Also affects: libvorbis (Ubuntu Xenial) Importance: Undecided Status: New ** Also affects: vorbis-tools (Ubuntu Xenial) Importance: Undecided Status: New ** No longer affects: vorbis-tools (Ubuntu Xenial) ** Changed in: libvorbis (Ubuntu Xenial) Status: New => Fix Released ** Changed in: libvorbis (Ubuntu) Status: New => Confirmed ** Bug watch added: gitlab.xiph.org/xiph/vorbis/-/issues #1975 https://gitlab.xiph.org/xiph/vorbis/-/issues/1975 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libvorbis in Ubuntu. https://bugs.launchpad.net/bugs/948459 Title: oggenc fails when using '--advanced-encode-option disable_coupling' switch and CBR encoding Status in libvorbis package in Ubuntu: Confirmed Status in vorbis-tools package in Ubuntu: New Status in libvorbis source package in Xenial: Fix Released Bug description: Running the following command line in a shell (with in.wav being a commong 16bit 44,1KHz wave file): oggenc -b 80 -m 80 -M 80 --advanced-encode-option disable_coupling -o out.ogg in.wav I get the following output: Mise en route du mécanisme de gestion du débit Ouverture avec le module wav : WAV file reader Encodage de "stereo.wav" en "out.ogg" en utilisant la gestion du débit (min 80 kbps, max 80 kbps) Setting advanced encoder option "disable_coupling" Erreur de segmentation Without the '--advanced-encode-option disable_coupling' switch, encoding works as usual. More about my setup: Ubuntu 10.10 amd64 (all packages up to date) vorbis-tools 1.4.0 More information available on demand, this is the first time I file a bug here. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvorbis/+bug/948459/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp