[SECURITY] [DLA 2039-1] libvorbis security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Package : libvorbis
Version : 1.3.4-2+deb8u3
CVE ID : CVE-2017-11333 CVE-2017-14633
Two issues have been found in libvorbis, a decoder library for Vorbis
General Audio Compression Codec.
2017-14633
In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read
vulnerability exists in the function mapping0_forward() in
mapping0.c, which may lead to DoS when operating on a crafted
audio file with vorbis_analysis().
2017-11333
The vorbis_analysis_wrote function in lib/block.c in Xiph.Org
libvorbis 1.3.5 allows remote attackers to cause a denial of
service (OOM) via a crafted wav file.
For Debian 8 "Jessie", these problems have been fixed in version
1.3.4-2+deb8u3.
We recommend that you upgrade your libvorbis packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl35HflfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEdbkBAAknZTSvwoaUD6ITtS9v9lnauD2s33Y/pSI3dxcSY/Nulbc3xNyMspve0T
08pbTSWKb1b0SZWw08vr7cAFdu7xusmq2h978AdiAhwtf/htPn2rRZ3mMJNzkBOe
Ltmbllq5R2OFqlOmyelsIyozoyAmayYVJUirR7MwkNv40Fb1/J8r1c9G2M+2lbJZ
NKtjPyxnFq1WMgOCLXo8gFf4l/mvf0eAM8+ScbaSZkeYNJsauQH+RNwkx0W1S0Jx
bZgIZYsrsXku7UlZJpMu0TKLJX1quTHwOlqQOidvaP5Z7j5e28r2Jyjq8OyVE/JY
JvX9YHHvIEFRTFRevarRfbgz3W76GCle5PSFvcqILe+pS9KEGxFDdjMOHg4aBvQG
LoJSoon1T/VOHzUhHRu8/FDWlkes80m6QHikX2Mw+LshpS8vuO6r97yr15UZ7Z6m
fgqYScumxGKIH6l3J6GNM+zolaVNz9/m2FYqrnVDoDAszYDIvJlOg8iHARPF96f0
mkymp1CZpWtFL6etGQdXkx3TbA6CzQfY38idSI+aHsbCcvadMOPDKnm5MXMoV/Th
T/ou0lmePEiaQvR2549EFLSwChJxbmNkSZttyXBqKGi35F1dXVATz9Ll+E0jt8wJ
c2d6LEzbVVh4A7S9nzCvA/JchxLY38c6SZ2AMTW1L+rjOMLqgRM=
=V+B7
-----END PGP SIGNATURE-----
Reply to: