Fedora 28: libvorbis Security Update
Summary
Ogg Vorbis is a fully open, non-proprietary, patent- and royalty-free,
general-purpose compressed audio format for audio and music at fixed
and variable bitrates.
The libvorbis package contains runtime libraries for use in programs
that support Ogg Vorbis.
Sync with git (CVE-2017-14160, CVE-2018-10392, CVE-2018-10393, bz#1516379)
* Tue Jul 31 2018 Adam Jackson
- Sync with git (CVE-2017-14160, CVE-2018-10392,
CVE-2018-10393, #1516379)
* Fri Jul 13 2018 Fedora Release Engineering
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
[ 1 ] Bug #1516379 - vorbis-tools: Uninitialized local variable gets freed in lib/info.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1516379
[ 2 ] Bug #1574199 - CVE-2018-10392 CVE-2018-10393 libvorbis: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1574199
[ 3 ] Bug #1480650 - CVE-2017-11333 CVE-2017-11735 CVE-2017-14160 CVE-2017-14632 CVE-2017-14633 libvorbis: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1480650
su -c 'dnf upgrade --advisory FEDORA-2018-0259281ab6' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBO6CQ76C4M7ECXJDAPJ5QJYBHSGKJX/
FEDORA-2018-0259281ab6 2018-08-03 20:44:52.881452 Product : Fedora 28 Version : 1.3.6 Release : 3.fc28 URL : https://www.xiph.org/ Summary : The Vorbis General Audio Compression Codec Description : Ogg Vorbis is a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed audio format for audio and music at fixed and variable bitrates. The libvorbis package contains runtime libraries for use in programs that support Ogg Vorbis. Sync with git (CVE-2017-14160, CVE-2018-10392, CVE-2018-10393, bz#1516379) * Tue Jul 31 2018 Adam Jackson - 1.3.6-3 - Sync with git (CVE-2017-14160, CVE-2018-10392, CVE-2018-10393, #1516379) * Fri Jul 13 2018 Fedora Release Engineering - 1:1.3.6-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild [ 1 ] Bug #1516379 - vorbis-tools: Uninitialized local variable gets freed in lib/info.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1516379 [ 2 ] Bug #1574199 - CVE-2018-10392 CVE-2018-10393 libvorbis: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1574199 [ 3 ] Bug #1480650 - CVE-2017-11333 CVE-2017-11735 CVE-2017-14160 CVE-2017-14632 CVE-2017-14633 libvorbis: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1480650 su -c 'dnf upgrade --advisory FEDORA-2018-0259281ab6' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBO6CQ76C4M7ECXJDAPJ5QJYBHSGKJX/
Change Log
References