nixpkgs-suyu/pkgs/development/libraries/libvorbis
Andreas Rammhold 879ffc06fe
libvorbis: 1.3.5 -> 1.3.6
This update includes the removed patches (CVE-2017-14632,
CVE-2017-14633) and additionally fixes CVE-2018-5146 [1].

The changelog:

libvorbis 1.3.6 (2018-03-16) -- "Xiph.Org libVorbis I 20180316 (Now 100% fewer shells)"

* Fix CVE-2018-5146 - out-of-bounds write on codebook decoding.
* Fix CVE-2017-14632 - free() on unitialized data
* Fix CVE-2017-14633 - out-of-bounds read
* Fix bitrate metadata parsing.
* Fix out-of-bounds read in codebook parsing.
* Fix residue vector size in Vorbis I spec.
* Appveyor support
* Travis CI support
* Add secondary CMake build system.
* Build system fixes

[1] http://seclists.org/oss-sec/2018/q1/243
2018-03-17 19:17:56 +01:00
..
default.nix