Commit

Reference CVE-2018-10392 in the release notes.
The fix for this issue was in the 1.3.7 release, but we didn't
refer to the CVE number explicitly in the release notes. Do
so now for the benefit of anyone auditing vulnerability
fixes in the future.

Signed-off-by: Mark Harris <mark.hsj@gmail.com>
rillian committed Jul 20, 2020
1 parent 0657aee commit dfc3df7
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions CHANGES
Expand Up @@ -2,6 +2,7 @@ libvorbis 1.3.7 (2020-07-04) -- "Xiph.Org libVorbis I 20200704 (Reducing Environ

* Fix CVE-2018-10393 - out-of-bounds read encoding very low sample rates.
* Fix CVE-2017-14160 - out-of-bounds read encoding very low sample rates.
* Fix CVE-2018-10392 - out-of-bounds access encoding invalid channel count.
* Fix handling invalid bytes per sample arguments.
* Fix handling invalid channel count arguments.
* Fix invalid free on seek failure.
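
Review bot: The added CVE-2018-10392 entry ("out-of-bounds access encoding invalid channel count") overlaps in wording with the existing "Fix handling invalid channel count arguments." bullet two lines below it, and CHANGES does not say whether these are one fix or two separate ones. Since the commit message gives auditing as the purpose, consider merging the two bullets or placing them on adjacent lines with wording that states how they relate. It would also help to keep the three CVE lines in a consistent order, since the new entry currently follows CVE-2018-10393 and CVE-2017-14160 without an obvious sort.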