Fedora 28 Advisory: libvorbis Critical Issues and Security Update

Ogg Vorbis is a fully open, non-proprietary, patent- and royalty-free,

general-purpose compressed audio format for audio and music at fixed

and variable bitrates.

The libvorbis package contains runtime libraries for use in programs

that support Ogg Vorbis.

Sync with git (CVE-2017-14160, CVE-2018-10392, CVE-2018-10393, bz#1516379)

* Tue Jul 31 2018 Adam Jackson - 1.3.6-3

- Sync with git (CVE-2017-14160, CVE-2018-10392,

CVE-2018-10393, #1516379)

* Fri Jul 13 2018 Fedora Release Engineering - 1:1.3.6-2

- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild

[ 1 ] Bug #1516379 - vorbis-tools: Uninitialized local variable gets freed in lib/info.c [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1516379

[ 2 ] Bug #1574199 - CVE-2018-10392 CVE-2018-10393 libvorbis: various flaws [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1574199

[ 3 ] Bug #1480650 - CVE-2017-11333 CVE-2017-11735 CVE-2017-14160 CVE-2017-14632 CVE-2017-14633 libvorbis: various flaws [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1480650

su -c 'dnf upgrade --advisory FEDORA-2018-0259281ab6' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBO6CQ76C4M7ECXJDAPJ5QJYBHSGKJX/