This bug was fixed in the package libvorbis - 1.3.5-3ubuntu0.2+esm1 --------------- libvorbis (1.3.5-3ubuntu0.2+esm1) xenial-security; urgency=medium
* SECURITY UPDATE: Out-of-bounds access - debian/patches/CVE-2017-14160_CVE-2018-10393-1.patch: add boundaries check in bark_noise_hybridmp() in lib/psy.c. - debian/patches/CVE-2017-14160_CVE-2018-10393-2.patch: add further boundaries checks in bark_noise_hybridmp() in lib/psy.c. - debian/patches/CVE-2018-10392.patch: add a validation for channels boundaries in vorbis_encode_setup_init() in lib/vorbisenc.c. - CVE-2017-14160, CVE-2018-10392, CVE-2018-10393 * Fix autopkgtest: - debian/patches/0003-vorbisenc-detect-if-new-template-is-null.patch: check if new_template is NULL at vorbis_encode_ctl() in lib/vorbisenc.c. -- Rodrigo Figueiredo Zaiden <rodrigo.zai...@canonical.com> Wed, 11 May 2022 14:54:32 -0300 ** Also affects: libvorbis (Ubuntu) Importance: Undecided Status: New ** Also affects: libvorbis (Ubuntu Xenial) Importance: Undecided Status: New ** Also affects: vorbis-tools (Ubuntu Xenial) Importance: Undecided Status: New ** No longer affects: vorbis-tools (Ubuntu Xenial) ** Changed in: libvorbis (Ubuntu Xenial) Status: New => Fix Released ** Changed in: libvorbis (Ubuntu) Status: New => Confirmed ** Bug watch added: gitlab.xiph.org/xiph/vorbis/-/issues #1975 https://gitlab.xiph.org/xiph/vorbis/-/issues/1975 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/948459 Title: oggenc fails when using '--advanced-encode-option disable_coupling' switch and CBR encoding To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvorbis/+bug/948459/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs