FEDORA-2019-2e385f97e2

security update in Fedora 29 for mingw-libvorbis

Status: stable 7 months ago

MinGW cross compiled libvorbis 1.3.6 + various patches backported from git.

This is a security fix for: CVE-2017-11333 CVE-2017-11735 CVE-2017-14160 CVE-2017-14632 CVE-2017-14633 CVE-2018-5146 CVE-2018-10392 CVE-2018-10393

Comments 6

This update has been submitted for testing by kalev.

This update has been pushed to testing.

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

This update has been submitted for batched by kalev.

This update has been submitted for stable by bodhi.

This update has been pushed to stable.

Add Comment & Feedback

Please login to add feedback.

Content Type
RPM
Status
stable
Test Gating
Submitted by
Update Type
security
Update Severity
medium
Karma
0
stable threshold: 3
unstable threshold: -3
Autopush (karma)
Enabled
Autopush (time)
Disabled
Dates
submitted 7 months ago
in testing 7 months ago
in stable 7 months ago

Related Bugs 7

00 #1480643 CVE-2017-11333 libvorbis: Memory exhaustion in vorbis_analysis_wrote function in lib/block.c
00 #1480645 CVE-2017-11735 libvorbis: NULL pointer dereference in vorbis_block_clear function in lib/block.c
00 #1557221 CVE-2018-5146 Mozilla: Vorbis audio processing out of bounds write (MFSA 2018-08)
00 #1558174 CVE-2018-5146 mingw-libvorbis: Mozilla: Vorbis audio processing out of bounds write (MFSA 2018-08) [fedora-all]
00 #1574193 CVE-2018-10392 libvorbis: heap buffer overflow in mapping0_forward function
00 #1574194 CVE-2018-10393 libvorbis: stack buffer overflow in bark_noise_hybridmp function
00 #1574200 CVE-2018-10392 CVE-2018-10393 mingw-libvorbis: various flaws [fedora-all]

Automated Test Results