FS#67126 : [security][libvorbis] patch CVE-2017-14160, CVE-2018-10392

FS#67126 - [security][libvorbis] patch CVE-2017-14160, CVE-2018-10392

Attached to Project: Arch Linux
Opened by T.J. Townsend (blakkheim) - Friday, 26 June 2020, 19:37 GMT
Last edited by Maxime Gauduin (Alucryd) - Saturday, 04 July 2020, 16:30 GMT

Task Type	Bug Report
Category	Packages: Extra
Status	Closed
Assigned To	Maxime Gauduin (Alucryd) Levente Polyak (anthraxx)
Architecture	All
Severity	High
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	0
Private	No

Details

Description:
The 1.3.6. libvorbis package needs some security fixes. Attached patch to PKGBUILD adds them.

https://github.com/xiph/vorbis/commit/018ca26dece618457dd13585cad52941193c4a25

https://github.com/xiph/vorbis/commit/112d3bd0aaacad51305e1464d4b381dabad0e88b

Additional info:
Some other changes may fix additional security flaws:

https://github.com/xiph/vorbis/compare/v1.3.6...master

libvorbis.diff (1.3 KiB)

This task depends upon

Closed by Maxime Gauduin (Alucryd)
Saturday, 04 July 2020, 16:30 GMT
Reason for closing: Fixed
Additional comments about closing: 1.3.7

Comment by T.J. Townsend (blakkheim) - Friday, 26 June 2020, 19:40 GMT

Patch had a misspelling, sorry. Fixed in v2.

libvorbis-v2.diff (1.3 KiB)

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#67126 - [security][libvorbis] patch CVE-2017-14160, CVE-2018-10392

Details

Loading...